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levels, so no-matter how long you work as one of them yeu a 


| n February’s isste of BSD Magazine you will find the articles 
intended for,a4dministrators. However, they represent various 
come across useful apg practical content. i 


can be helpful like a good firewall and sometimes: pinSSAPS a 
pain in your neck as a_notorious virus. 

Next, Kris Moore will tell you about the upcoming PC-BSD 
changes. And at the end of the issue you willfind Fed : 
_article in which he compares the model of c 1 iZation, 
ich according to MBA studies favor. , | 
he model of relati ipps among FreeBSD itters. It’sa really 
eee read, where’apart from some paragraphs similar to the 


ones that can be found on business course, you will find examples 


of small talks. Maybe you will be surprised to find out that a 
joke can increase your effectiveness? If not, you are just jade¢ 
cozy atmosphere in BSD community. Nevertheless, its always” 
good to find out that it has some grounds in management studies. 

‘In the How To section Jose Alos will teach you about rehostir 


the VAX and OpenVMS in NetBSD hosts. A very practical article, . 


which might be a good solution if you would like to refresh.the old 
platforms. Also in this section William Olson will show you 
step how to Install and (er) re SSL for Dovecot anadsRGund 
— Open Source IMAP and POP3 email server for UNIX-likeSVstems. 
During the read of article “FreeBSD Unattended Installation 
of Servers” by Egoitz Aurrekoetxea Aurre you will learn how to 
manage the version of FreeBSD running on your machines and the 
provisioning or upgrading of each machine in an advantageous way. 
Also in admin section you can enjoy the part 2 of Rob Somervilles 
series on “FreeBSD Programming Primer (CMS)”. 
We hope you will be pleased with the read 
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Let’s Talk 


OG Fear, Loathing and Misunderstandings 
By Rob Somerville 

“You're a Nazi control freak” screamed the accountant 
as he stormed off in a violent rage, slamming the serv- 
er room door within a few millimeters of my (fortunately) 
small nose for good measure. As the glass walls vibrated 
with the impact, | had a moment of doubt — was | right in 
refusing to disclose the superuser password for all the Eu- 
ropean servers to this manager? 


Developers Corner 


OSWhat’s around the Corner: 
A Look at Upcoming PC-BSD Changes 
By Kris Moore 
Over the Christmas holidays, PC-BSD 9.1 was released 
and while it offered many new features and functionality, 
the developers havent sat back and relaxed just yet. In 
this article the author gives you a preview of some of the 
high-level changes that will be coming to PC-BSD a bit 
later this year. 


How To 


10 VAX/OpenVMS Rehosting 
in NetBSD 6.0 Hosts 


By Jose B. Alos 

One of the most important issues in the long-term projects 
industry is the obsolescence risk that impacts specially 
IT infrastructure. Maybe the most paradigmatic case oc- 
curs in the aerospace industry where projects and pro- 
grams last decades and, due to strong constraints, are 
not easy to update mainly due to legal or government re- 
quirements. From this article you will learn how to install, 
configure and administer VAX/OpenVMS servers hosted 
in NetBSD boxes. You will also find out how to avoid obso- 
lescence risks and improve performance for former VAX/ 
OpenVMS if you are still working with them. 


= 44 Installing and Configuring SSL for 
Dovecot and Roundcube for the Qmail MTA 
By William Olson 
Dovecot is an Open Source IMAP and POP3 email server 
for Linux/UNIX-like systems, written with security primar- 
ily in mind. Dovecot is an excellent choice for both small 
and large installations. It’s fast, simple to set up, requires 
no special administration and it uses very little memory. 
In this article the author describes how to install and con- 
figure dovecot to communicate with the imaps protocol. 
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He will show you as well how to install and configure the 
roundcube to communicate with dovecot. 


Admin 


= SFreeBSD 

Unattended Installation of Servers 

By Egoitz Aurrekoetxea Aurre 
This article tries to show how to manage an important (in 
terms of size) computing park when talking about the un- 
attended installation and upgrade of FreeBSD servers. 
During the read you will learn how to manage the ver- 
sion of FreeBSD running on your machines and the provi- 
sioning or upgrading of each machine in an advantageous 
way. This article is addressed to the readers who already 
have some sysadmin experience. However, if you are a 
beginner in the file you can always contact the author di- 
rectly and consult with him the dificulties. 


<3 4FreeBSD Programming Primer (CMS) 
Part 2 


By Rob Somerville 

In the second part of our series on programming, we will 
look at configuring our development server, write our first 
lines of code and commit the changes to a version con- 
trol system. Before you will get started, you need to have 
a FreeBSD test server available with the AMP (Apache / 
MySQL / PHP ) installed. If you want to follow the author 
step by step you will also have to use a version control 
system (VCS) and a CLI based text editor. The show ex- 
ample is based on FreeBSD 9.0 with VI, MC (for file man- 
agement) and GIT running under Virtualbox. 


In Business 


<3 8 Organizational Structure and Culture at 

FreeBSD 

By Federic Culot 
Business Schools teach you during expensive MBA stud- 
ies how managers should shape the structure and influ- 
ence the culture of organizations so that they become 
more innovative. Concepts such as natural systems, self- 
organization, creative swiping, boundary spanning, em- 
powerment... are known to be helpful in making employ- 
ees more creative. To save you the trouble of paying for 
costly business courses and based on author’s view as 
a committer, this article addresses the question to know 
whether or not FreeBSD is the right place to develop in- 
novative ideas. 
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Fear, Loathing and 
Misunderstandings 


“You're a Nazi control freak” screamed the accountant as he 
stormed off in a violent rage, slamming the server room door 
within a few millimeters of my (fortunately) small nose for good 
measure. 


s the glass walls vibrated with the im- 
[\ pact, | had a moment of doubt — 

was | right in refusing to disclose 7 
the superuser password for all the Eu- 
ropean servers to this manager? While } 
holding more seniority than me, | did | | | 
not report to him and he was not senior ' L 
to the IT manager who | reported to. 
| sighed, obviously the compromise | of- 
fered him — the ability to access bulletin boards 
and the internet via a separate account to our mo- 
dem pool — was not good enough. This left me some- 
what perplexed, as this was the reason my bean-counting colleague 
wanted the password in the first place. Or was there a different agenda 
here? Only the IT manager and | knew the password, and this being the 
80’s, we had agreed to use the same password for all the servers. With 
hindsight, this was probably a poor decision, but in those days security 
was not such an issue (we were still running MS DOS 3.3 on the desktop) 
so the risk was small. Yet despite trying to reason with him along the lines 
of “with great power comes great responsibility”, he had determined that 
the administrator password was essential to life and limb and that | 
was the one at fault. A few espressos (and Red Marlboro’s) later and 
| settled down to my normal state of calm. No more was heard of the 
matter until my annual review 6 months later where it was comment- 
ed that | was “uncooperative with certain members of management”. 

To be honest, | have always had a love-hate relationship with ac- 

countants. A forensic accountant placed a support call one day 
demanding that | change his keyboard as a vital function was 
missing (it was in fact a problem with the PC and the terminal 
emulation software not playing nice together). When | explained 
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the problem, and that it would be fixed as soon as | could 
upgrade the kit, he went into a rant about “knowing a lot 
about IT” and that it was “definitely a broken keyboard”. 
| was having a bad Monday morning, we had some se- 
rious X.25 issues, and a number of users were offline. 
The fact that Shift F10 worked fine in Wordperfect was 
beside the point. | was abrupt, yet calm: “I really suggest 
the next time you call the help desk you request some- 
one else assists as you obviously don’t trust my profes- 
sional advice it is a complete waste of our time”. Within 
5 minutes the gentleman concerned was in the IT office 
apologizing. After beer-for-the-boys the following Friday 
night, we became firm friends and suffered many post- 
corporate drinking session hangovers together (as well as 
a few good cigars). Needless to say, once we had the kit 
the problem was speedily resolved without rancor. Anoth- 
er case of if you “can’t solve the problem over a beer’ it 
probably isn’t worth it or won't be solved. 

Like all business professions, there are the good and 
the bad. The two best accountants | know have a good 
grasp of IT, and as they understand the issues, are al- 
ways very supportive and encouraging. Other not so. One 
accountant was most upset because | wanted to take his 
company to court over an unpaid invoice (9 months over- 
due) and duly cost me a contract with a sister company 
by spreading false rumors. As | am not in the business of 
bankrolling large companies with my limited cash-flow, it 
was no loss. In the world of business, we were both do- 
ing Our jobs. 

Yet, as a profession IT shares a lot in common with ac- 
countants, lawyers and auditors — we are feared, loathed 
and misunderstood in equal measure. While your aver- 
age super-user probably has a good grasp of the gen- 
eral issues, many of the specifics remain hidden. Those 
critical servers that need a decent backup / upgrade / se- 
curity patch but are neglected due to budget / time con- 
straints / pressure to deliver something else. The fact that 
we have a daisy chain of extension cords under the desk 
that would stretch round the office twice rather than am- 
ple power provision, or that it is a hidden secret in the 
organization that the user account password (with the 
password user) will give you guest rights on our network 
— troubles us deeply. All these loose ends give engineers 
nightmares, and often the pressures of imperfection gnaw 
away at our souls so we do appear rather short, sarcastic 
or downright grumpy when asked a rather silly question. 
There are bad attitudes across every corporate discipline, 
but it seems that accountants and IT shoulder an unfair 
percentage of the blame when things go wrong. 

So how do we resolve this enigma of two powerful 
groups with disparate agendas? What | have discovered 
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is that accountants love detail and hate waste, so as engi- 
neers we have an immediate platform for rapprochement. 
Where some accountants fall down is a lack of creative vi- 
sion, and the refusal to accept that you need to take risks 
to grow. Risk gives accountants nightmares. However, the 
IT sector is build on risk, hype and illusion yet the corpo- 
rate ethos refuses to accept this. Risk is part of IT life. In 
reality, we are all just advanced beta-testers for the mar- 
ketplace until the next “standard” comes along. If a plat- 
form / software / idea takes off and reaches critical mass 
it is considered “established” and we all know the age old 
phrase “Nobody got fired for buying IBM”. The real joy 
from working in IT is providing solutions, fixing problems, 
making things better. And of course, managing the risk. 

IT, like accountants, cannot work in isolation. We need 
to get to grips with the corporate beast, that horrible group- 
think that seems to enslave people where more than 2 or 
3 gather, that carries with it all the divisions, petty polli- 
tics, needless bureaucracy and inflexible rules that stifle 
growth like a thick polythene bag. The IT department may 
not always be the best friends of the accountants, but we 
can have accountants as friends. The more we share with 
disciplines that seem alien to us, the more our vistas are 
widened, and likewise those that hate us will realize the 
challenges we face and maybe appreciate what we do. 

Oh, | nearly forgot... The accountant mentioned at the 
beginning of the article was caught downloading illegal 
software in the workplace a few months later. 


ROB SOMERVILLE 

Rob Somerville has been passionate about technology since his 
early teens. A keen advocate of open systems since the mid eight- 
ies, he has worked in many corporate sectors including finance, 
automotive, airlines, government and media in a variety of roles 
from technical support, system administrator, developer, systems 
integrator and IT manager. He has moved on from CP/M and nixie 
tubes but keeps a soldering iron handy just in case. 
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What's Around the Corner 


A Look at Upcoming PC-BSD Changes 


Over the Christmas holidays, PC-BSD 9.1 was released and while it 
offered many new features and functionality, we haven't sat back and 
relaxed just yet. In this article | want to give you a preview of some of the 
high-level changes that will be coming to PC-BSD a bit later this year. 


and package management, but we should begin 
with some of the history and philosophy behind 
PC-BSD. 

For the past half-dozen years PC-BSD has been based 
upon the same release schedule of the FreeBSD releas- 
es that it was built on. Typically when FreeBSD version 
X was released, a PC-BSD release of the same version 
number would follow within a matter of days. Between 
these times, we often only issued minor updates for spe- 
cific bug fixes to our utilities, or the occasional driver up- 
date. While this worked to help keep us in “sync’ with the 
parent FreeBSD release, it has not been the ideal situa- 
tion. Often shortly after a release we have already added 
new features to our utilities or improved upon the system 
in other ways. Additionally there have been many instanc- 
es where only a mere days after a release, a new version 
of something critical, such as a video driver or desktop 
environment has been committed to the ports tree. This 
has created a need for a better updating framework to the 
binary packages which comprise a PC-BSD desktop. 

A new challenge has also been in the area of server ad- 
ministration. Over the last year we have also begun to see 
more people using PC-BSD to run servers, either as True- 
OS, or in jails on a host system. This has also introduced 
a new set of demands in the area of package manage- 
ment. For desktop users, PC-BSD offers most applica- 
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tions in the self-contained PBI format, but when it comes 
to servers this is often not the preferred solution. System 
administrators are accustomed to being able to add pack- 
ages and plugins to a system via a more traditional pack- 
aging system and the ability to fine-tune their services. 
While many experienced FreeBSD users can do this via 
the ports system, we are seeing far more users coming to 
FreeBSD who just want to be able to install binary pack- 
ages. While PC-BSD offers a number of packages on our 
installation media, it is still a small subset of what is avail- 
able and can become outdated rather quickly. This is an- 
other challenge we plan to meet head on. 

While these are large issues to tackle, we have already 
begun implementing new solutions to solve them. The 
first item we looked at solving was the area of release 
frequency and outdated tools & packages. Due to the fact 
that releases have historically been 10-14 months apart, 
we have decided to begin to move to a ‘rolling-release” 
model, first for the packages which make up a desktop & 
server, and next for the base-system. Over the past few 
months we have already begun the process of converting 
all of our utilities to work with the new “pkgng” package- 
management system. By converting the systems to us- 
ing pkgng, we will now have the ability to solve several 
of these problems at once. Starting with the next release 
of PC-BSD, we plan on making available a complete pk- 
gng repository. This will be constantly updated, maybe as 
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often as weekly, and kept as close in sync with the Free- 
BSD ports tree as possible. In addition we have already 
begun the conversion of our entire PC-BSD toolchain into 
two ports for this repository, pcbsd-utils and pcbsd-utils- 
qt4, for the command-line and GUI respectively. These 
ports will now be updated more frequently, pushing out 
bug-fixes and new features on a regular basis, also mak- 
ing them not dependent upon a specific PC-BSD point- 
release. 

Once the dust from the packaging changes has settled, 
we also plan on looking at some ways to do frequent up- 
dates to the base FreeBSD system as well. Currently we 
are looking at offering three system “tracks” that a user 
can run. First would be a typical “-RELEASE” based track, 
moving from FreeBSD 9.1, 9.2, 9.3 and so forth, as is 
done now. However, the other two will follow the newer 
“STABLE” and “CURRENT” tracks of FreeBSD on a yet- 
to-be-determined frequency, possibly quarterly. These will 
provide users with the ability to run both a PC-BSD desk- 
top or server on newer FreeBSD code, testing out new 
features and drivers. It will prove helpful to advanced us- 
ers and developers alike, allowing them to quickly get a 
desktop or server installed and configured, without having 
to fall back to compiling ports by hand. 

So how will these changes affect you? It will greatly de- 
pend upon your usage and personal preference. Users 
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who install a particular numbered release of PC-BSD will 
be allowed the choice of how often they want to update 
the base desktop packages. If you are happy with the 
included utilities and your particular version of window- 
manager, then you could sit on that version until the next 
FreeBSD point release, or whenever you are ready to up- 
grade. If you are a desktop user who wants new window- 
manager versions, features from the PC-BSD utilities and 
more, then you will now be able to stay on top of those re- 
leases on a consistent basis. For running a server or jail, 
you will also now have access to a constantly updated, 
full repository of binary packages, including the PC-BSD 
command-line utilities, such as the Warden. With all the 
PC-BSD utilities being provided as packages, for the first 
time it will also allow you to install vanilla FreeBSD, and 
roll your own PC-BSD desktop / server by using our pk- 
gng repository. Stay tuned to BSD Magazine in the com- 
ing months fore more details as these features begin to 
take shape. 


KRIS MOORE 

Kris Moore is the founder and lead developer of PC-BSD. He lives 
with his wife and four children in East Tennessee (USA), and en- 
joys building custom PC’s and gaming in his (limited) spare time. 
kris@pcbsd.org. 
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Rehosting in NetBSD 6.0 Hosts 


VAX/OpenVMS 


One of the most important issues in the long-term projects 
industry is the obsolescence risk that impacts specially IT 
infrastructure. Maybe the most paradigmatic case occurs in the 
aerospace industry where projects and programs last decades and, 
due to strong constraints, are not easy to update mainly due to 


legal or government requirements. 


What you will learn... 

« How to install, configure and administer VAX/OpenVMS servers 
hosted in NetBSD boxes 

¢ Basic topics on configuration and TCP/IP communications for emu- 
lated systems 

« Avoid obsolescence risks and improve performance for former VAX/ 
OpenVMS if you are still working with them. 

« Installation of additional VAX/OpenVMS products and software. 


bedded systems were attached to VAX/OpenVMS 

tandem. Nowadays, there exists a wide variety of 
aircraft and mission critical software systems that must be 
kept operative with no modifications for many years. 

A different point of view to take into account is the ex- 
istence of the DEC users community known as DECUS, 
which was born in 1961, although the VMS kingdom does 
not start until fourteen years later in 1975 thanks to the 
Star project. VMS reached its summit of popularity among 
programmers in the 80s as the “de facto” OS platform, not 
only for real-time applications but also for other sectors 
such as financial and government entities. 

Despite all, the VAX/OpenVMS platform is still alive for 
long-term aircraft development and the reason for this pa- 
per is to shed some light on the possibilities to rehost for- 
mer VMS-based architectures into a new ones with spe- 
cial emphasis on NetBSD Intel-based architectures. 

One of the most frequent problems in projects devoted 
to complex system design is the obsolescence of hard- 
ware and software. This case is particularly dramatic in 
the aeronautical industry where the renewal rate of IT 
equipment is much less than the project life itself, which in 
many cases is greater than a decade. 
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What you should know... 

- Basic knowledge of Unix systems as a developer focused on BSD- 
like UNIX flavor 

« Basic knowledge on VAX/ OpenVMS platform 

« Network interfaces configuration and the use of TUN/TAP virtual 
devices for NetBSD hosts. 


Let us imagine a programmable embedded de- 
vice which requires the use of RT techniques for con- 
trol purposes. The right choice twenty years ago was 
the use of VAX systems, originally developed by Digi- 
tal Equipment Corporation, running its own proprietary 
OS named VMS. But now we have to face the following 
questions: 


¢ What to do if a component fails? 

¢ How to keep my development alive to do further 
changes on it? 

¢ How to avoid the lack of knowledge for these old- 
fashioned platforms? 


These are the types of questions that this article tries to 
answer. And, as the reader can imagine, the solution re- 
quires the use of the best hardware platforms available, 
at a minimum cost, that can emulate both VAX hardware 
and OpenVMS software. 

Just a final word regarding this article which was origi- 
nally developed for a GNU/Linux system. Thanks to the 
requirement of BSD Magazine publishers, it has been 
amazing for me to discover that the use of NetBSD com- 
puters allows not only to simplify the process of setting up 
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the final prototype, but also introduces a significant ad- 
vantage for further maintenance and updates. 


History of VAX/VMS Systems 

The first VAX systems were originally developed during 
the 1970s by Digital Equipment Corporation as one of the 
best exponents of ISA platforms based on 32-bit CICS mi- 
croprocessor architecture, it was intended to replace the 
former DEC PDP servers as well as including virtual ad- 
dressing capabilities and an orthogonal set of instructions. 
These platforms reached their summit one decade later as 
the paradigm of CICS ISA architecture for RT-programmers 
and embedded devices, some of them are still working. 
VMS stands for Virtual Memory System, was previous- 
ly termed as VAX-11/VMS and provided support for DEC 
VAX and ALPHA platforms. Unfortunately, DEC was 
merged with Compaq and now Hewlett-Packard has be- 
come the current owner of this platform. VMS is a mul- 
tiuser time-shared OS that was also designed to support 
Real-Time development and batch processing. It also of- 
fers a strong flavor of High Availability through cluster so- 
lutions and distributed servers. 

These capabilities and the high reliability of the VAX/ 
OpenVMS tandem made possible its widespread use in 
embedded devices development. The first steps in 1975 
by DEC and its Star project, whose goal was to achieve a 
bigger extension of a 32-bit virtual memory for its PDP-11 
predecessors, was led by Gordon Bell, Roger Gourd and 
Dave Cutler. 

This work reach the most significant milestone with the 
release of the VAX 11/780 platform and the operating sys- 
tem VAX-11/VMS whose name has been changed along 
time. To satisfy the curiosity of the readers, take a look at 
Figure 1 to get a detailed picture of one of the most well 
known VAX workstations from the 80s. 

As a matter of curiosity, if for UNIX operating systems 
the count of time begins in 1970, the start of VMS epoch 
starts November 17" 1858 and what is more, the smallest 
unit of time is 100 ns. That means the use of the Open- 
VMS 64-bits OS to represent time allows to avoid things 
similar to the famous Y2K issue, as the end of VMS era 
will happen on July 31 31086. Is it not funny such an exhi- 
bition of endurance? 


The OpenVMS Hobbyist Project 

Despite OpenVMS being a proprietary OS, there was a 
project started in 1997, OpenVMS Hobbyist, that can be 
found by surfing http://h71000.www/.hp.com/openvms/li- 
cense_software_programs/index.html whose objective is 
to provide copies not only for the OpenVMS OS itself, but 
also for a wide variety of layered products for VAX/VMS 
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platforms for free and not for commercial use. This fact 
has made possible for other companies to release their 
products under the same regulations for non-commercial 
use such as Process Software and MVP Systems. 

The required time to get one of these OpenVMS Hob- 
byist licenses is less than one week and there is also the 
possibility to purchase a physical copy in CD-ROM by 
30 USD. Also it is possible to get copies of the associ- 
ated documentation for OpenVMS product family at http:// 
www.openvms.org/ and directly from http:/www.hp.com. 


Current Available Solutions 

Under the umbrella of all available alternatives to extend 
the life of software developed for former VAX/OpenVMS 
platforms, there are only two possible solutions, a propri- 
etary one with a high cost of purchase and maintenance, 
which is the one provided by CharonVAX, and its Open- 
Source counterpart available for Unix systems in their dif- 
ferent flavors. These two solutions present the following 
advantages regarding to the original environment: 


¢ Faster resources access and increased |/O perfor- 
mance VAX/OpenVMS 

¢ Dramatic increase in storage capability 

¢ Availability of RAID technologies for VAX/OpenVMS 

¢ Integration into the corporate IT backup infrastruc- 
ture. 

¢ Avoidance of obsolescence risks by enhancing soft- 
ware updates for VAX/OpenVMS 


CHARON VAX Emulator is a solution which allows to em- 
ulate VAX, Alpha or even the venerable PDP architecture 
under MS Windows according to the schema provided by 
Figure 1. Maybe the main advantage using this proprie- 
tary solution is the ability of handling several RS-232 seri- 
al ports or multiport cards in personal computers. 


VMS Applications VMS Applications 


oystem Litilties 
System Libraries 


system Lilies 
System Libraries 


VIS Operating System 


VAX Operating System 


CHARON — VAX 


Microsoft VWvindows 
Operating system 


ioe ee 


VAX Computer 


PC Hardyyare 


Figure 1. Proprietary Architectures to emulate VAX/OpenVMS systems 
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This latter possibility becomes specially important in the 
development of embedded systems, as it allows to re- 
place DECServer 200/700 terminal servers, also affected 
by the natural obsolescence, one of whose major exam- 
ples is provided by Figure 2. 

Our proposal to avoid proprietary software to emulate 
such VMS/VAX platforms is the use of SIMH. SIMH is a 
multiplatform emulator that runs currently in MS Windows 
and Unix systems like OpenBSD, NetBSD, Solaris and 
GNU/Linux, which will be explained more in depth in the 
following sections. 


The SIMH Emulator 
The Computer History Simulator Project, based on Bob 
Supnik's historical computer simulator, also known as 
SIMH, whose source code is available at http://simh.trail- 
ing-edge.com/, is an emulator based on MIMIC, originally 
developed in 60s and whose first version was released in 
1993 to provide complete emulation of former hardware 
and operating systems as those included in Table 1. 
Among other secondary architectures as those de- 
signed by Royal-Mcbee and Scientific Data Systems. 
Table 1. List of platforms emulated by SIMH 


Data General Nova / Eclipse 


IBM 1401/1620/1130/7090/7094/System/3 


Hewlett-Packard 2116/2100/21MX 


Altair 8800 / Intel 8080 
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Figure 2. Inside VAXStation 4000/90 
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SIMH also comes with a complete bundle of utilities to 
ease file manipulation in the native formats of these archi- 
tectures such as DEC PDP. The version covered by this 
article, SIMH 3.9-0 was released on May 3" 2012 and itis 
our recommendation for production usage. 

All the considerations made by this article can be also 
applied to other Unix systems like GNU/Linux and Solaris 
thanks to the availability of its source code and in the spe- 
cial case of NetBSD to the ports package system to auto- 
mate the build process. 


The OpenVMS Operating System 

Before starting with this article, it is necessary provide a 
little clarification about the software to be emulated, VAX/ 
OpenVMS, which is a proprietary software under copy- 
right. However, Hewlett-Packard provides free licenses for 
non-commercial use, not only for the OpenVMS OS but 
also for a wide variety of products coming from the former 
kingdom of Digital Equipment Corporation. Such licenses 
can be requested in OpenVMS Hobbyist site http:/Avww. 
openvmshobbyist.com/news.php, and they are an invalu- 
able resource for all those people interested in training or 
research on VAX/OpenVMS systems. 

The only requirements to request these licenses are: 


¢ Register in Encompass US, at the URL httos:/www. 
encompassus.org/ 

¢ Request the kit OpenVMS VAX Hobbyist Kit 3.0 

¢ Optionally, purchase the licenses you could need 
if you intend to use OpenVMS related-products for 
commercial activity. 


For this reason, apart from a license request, you need 
to get a copy of the operating systems OpenVMS 7.1 for 
VAX systems as well as the PAK licenses required to run 
these products. These considerations will apply for the 
remaining basic software covered by the Layered Prod- 
uct Licenses you might use, such as BLISS, C, PL/1, 
Fortan, Cobol compilers, interpreters and other proprie- 
tary applications. 


Getting Started with OpenVMS/VAX Emulation 
by SIMH 

Previous Requirements 

The first activity to start with, you need a NetBSD OS run- 
ning in a IA32 box with the more complete features for C/ 
C++ development, together with libpcap library to set up 
a TCP/IP connection with our emulated VAX/OpenVMS 
platform by using SIMH. In our case, our choice has 
been the latest release available NetBSD 6.0 for 1386 
architecture. Although there are available binary pack- 
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v Easy installation 

y Use on inexpensive x86 hardware 

v Wide diversity of platforms (VM,dedicated hardware) 
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v Open API with SOAP integration 

v Full OpenBSD network capabilities without limitations 
Y FREE Edition for personal use 
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ages for Intel architectures, NetBSD provides a powerful 
and simple way to compile and install the SIMH emulator 
from its source code and, what is more, the latest SIMH 
3.9.0 release has been already integrated in the cen- 
tralized pkgsrc package manager for NetBSD 6.0, which 
corresponds to the pkgsrc-2012Q3 branch, released in 
October 2012. 

Despite pkgsrc is attached to NetBSD OS, there exists 
the possibility of using this package management sys- 
tem for other Unix-like OS such as Haiku, DragonFlyBSD 
and Minix, hence the procedures described may also be 
applied for other boxes, like FreeBSD, OpenBSD and of 
course, GNU/Linux OS. 

By default a standard installation of NetBSD 6.0 pro- 
vides all necessary things and it is not necessary to re- 
compile kernel sources. The main points to control are: 


¢ NetBSD 6.0 GNU CC version 4.5.3 (NetBSD nb2 
20110806) development environment for I386 archi- 
tectures. 

¢ Generic NetBSD 6.0 kernel is enough to include even 
the more advanced features like TUN/TAP interfaces. 
This point can be checked by the following command: 
dhcppc2# uname -a 
NetBSD dhcppc2 6.0 NetBSD 6.0 (GENERIC) i386 

¢ By default, libpcap is installed in a standard NetBSD 
6.0 distribution. 


dhcppc2# ls /usr/lib/libpcap* 
/usr/lib/libpcap.a /usr/lib/libpcap.so.4 
/usr/lib/libpcap p.a 


/usr/lib/libpcap.so /usr/lib/libpcap.so.4.0 


/uer/ lib) 1ibpeap: pic. 

¢ The centralised management system, pkgsrc, and 
the latest branch pkgsrc-2012Q3 shall be download- 
ed and installed. To make easier further updates, we 
recommend to use CVS to get a copy by defining first 
CVS_RSH environment variable to “ssh”. Just type 
the command: 
S$ cd /usr && cvs -q -z2 -d anoncvs@anoncvs.NetBSD.org:/ 

cvsroot \ 


checkout. = pkosre-Z01203 =P pkoere 


Eventually, we have everything we need to build a run- 
ning VAX/OpenVMS machine in a NetBSD box. Howev- 
er, it is perfectly possible to perform the build process by 
hand, as the source code for SIMH 3.9-0 can be down- 
loaded from http://simh.trailing-edge.org. 

Remember that the PCAP library is required to enable 
TCP/IP access to the emulated VAX workstation. 

Optionally it is also interesting to compile our NetBSD 
kernel but including the support for TUN/TAP virtual de- 
vices as we will not need another network card. The lat- 
ter point will be discussed at the end of the installation 
process. 


Listing 1. /nstallation process for SIMH in NetBSD 6.0 / pkgsrc system 


# cd /usr/pkgsrc/emulators/simh 


laces ine tale 


===> Skipping vulnerability checks. 
WARNING: No /var/db/pkg/pkg-vulnerabilities file found. 


=> Fetching simhv39-0.zip 
=> Total size: 3103657 bytes 


17% [eee | 544 KiB 


simh/work/.destdir/usr/pkg/share/simh 


imh/work/.destdir/usr/pkg/share/doc/simh; 
=> Automatic manual page handling 


===> Building binary package for simh-3.9.0nb2 


===> Install binary package of simh-3.9.0nb2 


(cd /usr/pkgsrc/emulators/simh/work && for TXT in *.txt */*.txt; do 
wheel -m 644 STXT /usr/pkgsrc/emulators/s 


=> Bootstrap dependency digest>=20010302: found digest-20111104 


WARNING: To fix run: “/usr/pkg/sbin/pkg admin -K /var/db/pkg fetch-pkg-vulnerabilities’. 


Requesting http://simh.trailing-edge.com/sources/simhv39-0.zip 
135.69 KiB/s 


00:18 ETA 


/usr/bin/install -c -o root -g wheel -m 644 /usr/pkgsrc/emulators/simh/work/VAX/ka655x.bin /usr/pkgsrc/emulators/ 


/usr/bin/install -c -o root -g 


done) 


=> Creating binary package /usr/pkgsrc/packages/All/simh-3.9.0nb2.tgz 
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Installation Procedure 

Once you have downloaded and installed the pkgsrc man- 
agement system, it is time to get a copy of the SIMH 3.9.0 
source code, and use the procedure provided. In this 
case, as we are only interested in emulating a VAX plat- 
form, we can avoid compiling the other emulators includ- 
ed in SIMH. Hence, the way to proceed is shown below 
by issuing the following commands as a superuser. Oth- 
erwise, you will build all emulators provided by SIMH for 
curious and vintage computers lovers (Listing 1). 

As a result of this process, a set of binaries are pro- 
duced in the /usr/pkg/bin/ directory. Our binary of interest 
IS simh-vax which emulates a VAX machine. The last step 
consists of creating a directory structure to allocate configu- 
ration files and image files for VAX hard disks. Our choice is 
to isolate these files in the /opt/vax/data directory. 

lf you prefer a baroque approach, you can compile the 
sources by hand, by issuing the following commands: 


persephone:~$ mkdir simh 
persephone:~$ cd simh 
persephone:~S unzip sim-3.9-0.zip 
persephone:~simhsS mkdir BIN 


persephone:~$ make USE NETWORK=1 BIN/vax 


Once this operation has finished, let us generate by 
hand the directories structure: 


root@persephone:~# mkdir -p /opt/vax/bin 
root@persephone:~# mkdir /opt/vax/data 


and proceed to copy the binary file vax including the bi- 
nary PROM code KA655 to its final directory. 


root@persephone:~# cp BIN/vax /usr/pkg/bin 
root@persephone:~# cp VAX/ka655.bin /opt/vax/data 


Meanwhile, it is also required to create an initial config- 
uration file simn-vax.ini In the same directory /usr/pkg/ 
bin In which simn-vax is found. This file shown in Listing 
2 shall cover all the basic characteristics and features for 
the emulated platform. 

Now, create a soft link from this configuration file to the 
directory /opt/vax/bin, So that this file can be safely found 
and used: 


persephone# In -sf /opt/vax/data/simh-vax.ini 


/usr/pkg/bin/simh-simh-vax.ini 


In this configuration file, a VAX system is created with 64 
MB RAM by default and three hard disks RA92 mapped 
into the devices rq0, rqi and rq2, respectively. Also this 
file includes a virtual CD-ROM unit mapped onto virtual 
device rq3 under the file /opt/vax/data/cd.iso, which will 
be used to install a copy of OpenVMS 7.1 OS. Eventu- 


Listing 2. /nitial configuration file for VAX/OpenVMS emulation with 
SIMH simh-vax.ini 


, load CPU mrerecode 

load -r /opt/vax/data/ka655x.bin 

; Attach non-volatile RAM to a file 

attach nvr /opt/vax/data/nvram.bin 

; This virtual machine has 64M memory 

set cpu 64m 

; Define disk drive types. RA92 is largest-supported VAX 
drive. 

set rg0 ra92 

set rgql ra92 

set rq2 ra92 

set rgq3 cdrom 

; Attach defined drives to local files 

attach rq0 /opt/vax/data/d0.dsk 


attach rgql /opt/vax/data/dl.dsk 

attach rq2 /opt/vax/data/d2.dsk 

; Attach the CD-ROM to its file (read-only) 

attach -r rq3 /opt/vax/data/cd.iso 

; Disable unused devices. It's also possible to disable 
individual devices, 

PUSstiGiat COME uCihOni hikes, SobeeO2 "dteable eli 
desired. 


set rl disable 


set ts disable 

; Attach Ethernet to a network interface 
set xq mac=46-9E-8A-95-F8-06 

attach xq eth0 

; Now start the emulator 
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ally, the Ethernet address of a network adaptar shall be 
defined to provide TCP/IP connectivity to the emulated 
system. 

Once these steps have been performed, it is possible 
to start with VAX/OpenVMS emulator by issuing the com- 
mand: 


persephone# cd /usr/pkg/bin && ./simh-vax 


and the display output is given by Figure 3. 

After running the emulator, the next thing is to install our 
copy of OpenVMS OS. In our case, we have chosen the 
release OpenVMS /7.1 to provide a fully practical example, 
but it can be changed with no major problems. 


Installing OpenVMS 7.1 OS 

Usually, OpenVMS 7.1 is available with CD-ROM support 
and to proceed with installation, it is necessary to create 
an ISO-9660 image named cd.iso. According to the set- 
tings defined in our configuration file simn-vax.ini, this 
ISO image file should be put into /opt/vax/data, by typing 
the following command: 


persephone# dd if=/dev/cdrom of=/opt/vax/data/cd.iso 


Furthermore, it is also required to create a 1GB empty 
file to act as a VAX/OpenVMS hard disk that will be used 
to install the VMS operating system and other utilities. 
This file is named /opt/vax/data/d0.dsk and the mapping 
for our virtual device is rgo from Listing 1. 


root@persephone:~# dd if=/dev/zero of=/opt/vax/data/d0.iso 
count=1024k bs=1k 


| fy xterm 


- = 
wash-3,18 /opt/vaxbin/vap 
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At this point, keep in mind that two decades ago, a typ- 
ical hard disk as RRD92 had only 400 MB storage, 
which was certainly a great event for that epoch. In 
the same way, if you want to create another VAX hard 
disk, you have only to repeat this process by modify- 
ing the configuration and mappings for such devices in 
Our simh-vax.ini file. Once we have reached this point, 
it is time to start our SIMH emulator for VAX/OpenVMS 
platform: 


root@persephone:~# cd /usr/pkg/bin && /usr/pkg/bin/simh-vax 


Hence, the device rq3 from our VAX/OpenVMS emula- 
tor, contains the OpenVMS 7.1 OS CD-ROM to install the 
operating system. At a firmware level, the logical trans- 
lation is given by DUA3 device as shown in Figure 4. In 
the present case, we should use as our main VAX hard 
disk the device DUAO which will be in charge of starting 
the bootstrap process for our VAX/OpenVMS platform 
once the OS has been successfully installed. 

Follow faithfully the steps given by the interactive instal- 
lation assistant, by providing all requested information. 
Once OpenVMS /7.1 has finished the installation process, 
restart the emulator from DUAO instead of using DUA3, by 
issuing the set of commands given in Listing 3. 

When the OpenVMS 7.1 OS is ready and shows its 
prompt, it is time to install the licenses as well as those 
corresponding to the OpenVMS Layered Components 
that have been previously received from Hobbyist project. 

By default, the list of installed products apart from our 
OpenVMS 7.1 operating system are given by the VMS 
command and the results in Listing 4. 


| fy xterm 


UOSSP Tape Controller 0 (774500) 
“MAO (TK50) 
“HAL (TK50) 
-MUA2 (TKSO) 
“HUAS (TKS0) 


Ethernet Adapter 0 (774440) 
-¥0A0 (00-11-95-5C-F5-B4) 
>ePboot duas 

(BOOT/R5:0 DUAS 


A501 SBUOT-I-SYSBOOT Mapping the SYSDUHP.DMP on the System Disk 
#57SBOOT-W-SYSBOOT Can not map SYSDUMP,DMP on the System Disk 
251 SB00T-W-SYSEO0T Can not map PAGEFILE.SYS on the System Disk 

OpenVMS (1M) WAX Version X7G7 Major version id = 1 Minor version id = 0 
AWEM-[-WBHINFO Write Bitmap has successfully completed initialization, 
PLEASE ENTER DATE AND TIME (DD-MHM-YY¥Y HHsMM) 


Figure 4. Starting up OpenVMS Operating System installation using 
DUA3 
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Listing 3. Starting the installation process for OpenVMS in SIMH emulation 


persephone# cd /usr/pkg/bin && /usr/pkg/bin/simh-vax 


VAX Simulator V3 .0=0) 

NVR: buffering file in memory 

./simh-vax.ini> set rq4 ra92 

Unit disabled 

RO: Suntan as seeacdvonlky 

./simh-vax.ini> attach -r rq4 /opt/vax/data/cws860.bak 

Unit disabled 

./simh-vax.ini> attach -r rq5 /opt/vax/data/xd-ada-mc68020.iso 
Unit disabled 

lnbpcace vers vom tie 


Eth: opened OS device re0 


KA655-B V5.3, VMB 2.7 

Performing normal system tests. 

AN Opera cr eos teres arene out Ne Ge mee sree) ochre va narus dU eeres) Grn ac lar Palo eer al ape rtyal oye ao) eae 
TaN A er TA ll yO marge BS cD oral a severally cpr yall Selec 2 als etal aaa Mee ee (O)c a OS a 
Gc E ies Opera Cl sytem Oy oirer 0ipern Olean 

Tests completed. 

>>>b dual 

(BOOT/R5:0 DUAO 


Available devices for this installation are: 


Available device DUAO: device type RA92 
Available device DUAI: device type RA92 
Available device DUA2: device type RA92 
Available device DUA3: device type RRD40 
Available device DYAO: device type RX02 
Available device DYAI1: device type RX02 
Available device MUAO: device type TK50 
Available device MUAI1: device type TK50 
Available device MUA2: device type TK50 
Available device MUAS3: device type TK50 


Listing 4. Software details in OpenVMS 7.1 OS Installation 


S jOeOciwicis Slory joucwlweic 


PRODUCT hit Eyes STATE 

DEC VAXVMS DECNET PHASE IV i ea Sel ine Installed 
DEC VAXVMS ECPIP V5. 1-15 Full LP Installed 
DEC VAX VMSeVMS 74 Transition Installed 


3 items found 
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Optionally, you can also install additional products re- 
quired for your further usage. We will only focus on the 
TCP/IP communications suite, the use of native DECnet 
protocol will be omitted. 


Installing optional products VAX/OpenVMS 

Again, by means of our ISO-9660 image cd.iso contain- 
ing a copy of OpenVMS 7.1, we proceed to install the 
additional components required to enable Ethernet and 


TCP/IP support. In a running VAX session, type the Open- 
VMS command in Listing 5. 

To install TCP/IP support, it is necessary to access to 
the VMS directory termed pua3:[TCPIP VAx051.KIT] in 
which the product under study may be found. 


S$ dir dua3:[tcpip vax051.kit] 
DEC-VAXVMS-TCPIP-V0501-15-1.PCSI;1 
Total of 1 file. 


Listing 5. Installing optional components OpenVMS 


$ mount/override=id dua3: 

SMOUNT-I-WRITELOCK, volume is write locked 
SMOUNT-I-MOUNTED, VAXVMS0O73 mounted on _ARESSDUA3: 
Sidi re soues: 10; 0] 


Directory DUA3: [000,000] 


OCO000] DIR FL BACKUP 3157.1 
BITMAP.SYS;1 CONTIN.SYS;1 

DECNET PHASE IV VAX073.DIR;1 

DECWO73.C;1 DECWO73.D;1 
DOCUMENTATION.DIR;1 DWMOTIF VAX125.DIR;1 


BA DBI os i 
CORUME= SS; | 


DECWOY 3 2E pal 


HERP MESSAGE. Din; y INDEXPe Sve, 1 IL Sly SV CINIMEME Srey IL 
GAAS) 2 DDB ea SI CU IIE Ais 2 i Shes OR IDLE Pall 
CEE SV AXKOo Diy lA 3 Dinky VMSO73.A; 1 
WISI SC eal VM SO SD al VMSO 322m pal 


VMSI18N VAX073.DIR;1 WOME SIEMES St OSie Ak 


EOtel wn, oo ese 


Listing 6. Installing TCP/IP support for VAX/OpenVMS system 


oe euatevelbicie 


POperazi on (INSTALL, stow, 7.5): imseall 


BE coder anes (42 LO siiows lees Ge ee 


The following product has been selected: 


DEC YVAXVMsS TCPUP 75, 1-15 
Do you want to continue? [YES] 


Conligiusce Tone place es walks eamnC mee 


DECNE ES PEUS VAX07S 2 DER; t 


Layered Product 


You will be asked to choose options, if any, for each selected product and for 


any products that may be installed to satisfy software dependency requirements. 


DEC VAXVMS TCPIP V5.1-15: Compaq TCP/IP Services for OpenVMS. 


(c) Compaq Computer Corporation 2000. All Rights Reserved. 


BADLOG.SYS;1 
DIGI, WVU SINT IBIS eI 


DE CWO 3a pil 
DWMOTIF VAX126.DIR;1 
KER BEROs  VAXOLO. Diu, 1 
So Sule DID Real 
VMS 003.871 
ANSI] Se a eal 
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And proceed to install it by using a DCL utility named 
product, as shown by Listing 6. 

Once these steps have been successfully executed, the 
VAX/OpenVMS is now ready to be used in our NetBSD host 
and may be used for further non-commercial purposes. 


TCP/IP Communications in VAX/OpenVMS 
Systems 

As it was introduced previously, access to the TCP/IP 
connection with the emulated system relies on two basic 
points: the compilation of SIMH with Ethernet support en- 
abled thanks to PCAP library, and the existence of a free- 
of-use Ethernet adapter in our host running NetBSD. 

In our particular case, this interface appears as rei and 
it is possible to realise that the Ethernet address choosen 
for VAX Ethernet interface in simn-vax.ini configuration file 
does match with the one of rei network interface, as it is 


shown below in Listing 7. Notice that this interface shall not 
be physically connected to other devices such as switches 
or hubs, as its use will be internal to the NetBSD box. 
Once the availability of such interface has been con- 
firmed, it is time to configure TCP/IP in our VAX/Open- 
VMS platform by means of the following DCL commands: 


S@sysSmanager:tcpipSconfig 


or, alternatively, as UCX, which is the predecessor of 
TCP/IP implementation for VAX/OpenVMS systems: 


S@sysSmanager:ucx$config 


This command leads to an interactive menu shown in List- 
ing 8 that will be used to configure in a proper way our 
network interface to allow VAX/OpenVMS connectivity. 


Listing 7. Network interface configuration in NetBSD 


dhcppc2# ifconfig rel 


enabled=0 


acdduess: U0 sbi. 95.5e2h52i4 


status: no network 


Listing 8. TCP/IP Services Configuration for OpenVMS 7.1 host 


ConiGgurakL lon soOpE rons: 


- Core environment 
- Client components 


Server components 


os OO NO a 
I 


= ©prEronaliconponemis 


Run tests 


Configure options 1 - 4 


[|= 


Exit configuration procedure 


Enter contiguration option: 1 


rel: flags=8b43<UP,BROADCAST,RUNNING, PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500 
capabilities=3f80<TSO4,IP4CSUM Rx,IP4CSUM Tx,TCP4CSUM Rx,TCP4CSUM Tx,UDP4CSUM Rx,UDP4CSUM Tx> 


media: Ethernet autoselect (100baseTX full-duplex) 


ines O.020.0 nermask Oxir 00000000 breadcasi, 259.259 5299 42590 
ineto fe80::218:f3ff:fef9:a803%rel prefixlen 64 scopeid Oxl 


Compag TCP/IP Services for OpenVMS Configuration Menu 


Shutdown Compag TCP/IP Services for OpenVMS 
Startup Compag TCP/IP Services for OpenVMS 
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In this way, we get the following result given by Figure 5. 

Once this task has been concluded, the option (6) from 
the interactive menu, allows to start all TCP/IP services 
associated with the emulated VAX/OpenVMS. It may be 
necessary to modify some of the configuration parame- 
ters specific to the OpenVMS kernel. 

In this way we get, as a result of our work, a running 
VAX/OpenVMS system in which OpenVMS 7.1 runs TCP/ 
IP support, and allows remote connectivity as it is depict- 
ed by Figure 6. 

As it has been shown, we have been able to solve one 
of the most critical issues affecting VAX platforms, related 
to the obsolescence, which is closely related to hardware 
failures, by emulating VAX interfaces on the devices and 
interfaces present in a current computer, with even more 
available resources. 


Fie Edt View Termmal Tabs Help 


OE6 is the Ethernet device XOAG: 


Interface: OEO 


IP Addr: 10.15.193.1 NETWRK: 255.255.255.6 BROCST: 16.15.193.255 


C Addr: C NETWRE : Cc BROCST: 
Flags: 
Receive buffer: a 


Compaq TCP/IP Services for OpenVMS Interface QEG@ Reconfiguration Menu 


Reconfiguration options: 


1 - Configure interface manually (Current default) 
2 - Let DHCP configure interface 
[E) - Exit menu (Do not reconfigure interface QE6) 


Enter configuration option: Jj 


Figure 5. Definition of a Ethernet network interface in OpenVMS 
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Figure 6. TCP/IP Connection from NetBSD box to the emulated VAX/ 
OpenVMS server 
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Final Tasks 

Installing DEC OS/F Motif 

Before starting with DEC OS/F Motif installation, it is 
necessary to reconfigure OpenVMS kernel. More pre- 
cisely, the parameter po. maytim shall be set at 48000 
at least. 


- SYSGEN parameter PQL MBYTIM is 40000, should be at 
least 48000 


The most suitable procedure to reconfigure a OpenVMS 
kernel is the use of the sequence of commands provided 
by Listing 9. 

Once the kernel has been rebuilt, you have to install the 
package associated with OS/F Motif for OpenVMS which 
may be found on the installation CD-ROM associated to 
the image file cd.iso. The steps required for such a pro- 
cess are: 


¢ Mount the CD-ROM in our VAX/OpenVMS by typing 
the command: 
S set default DUA3: [DWMOTIF VAX126.KIT] 

¢ Install DEC OS/F Motif for OpenVMS by executing 
the commands given in Listing 10. 

¢ Finally, reboot the emulated VAX/OpenVMS platform 
to commit the changes. 
S shutdown 


Listing 9. Reconfiguration process for OpenVMS 7.1 kernel 


@SYSSUPDATE:AUTOGEN GETDATA REBOOT CHECK FEEDBACK 
S @SYSSUPDATE:AUTOGEN GETDATA REBOOT CHECK PEEDBACK 
SAUTOGEN-I-BEGIN, GETDATA phase is beginning. 
SAUTOGEN-I-NEWFILE, Previous contents of 
SYSSSYSTEM: CLUSPARAMS.DAT have 
been copied to SYSSSYSTEM:CLUSPARAMS.OLD. You may 
wish to purge 
SYSSSYSTEM: CLUSPARAMS.OLD. 
SAUTOGEN-I-NEWFILE, A new version of 
SYSSSYSTEM: PARAMS .DAT has been 
created. 
You may wish to purge this file. 
SAUTOGEN-I-END, GETDATA phase has successfully 
completed. 
SAUTOGEN-I-BEGIN, GENPARAMS phase is beginning. 
SAUTOGEN-I-NEWFILE, A new version of 
SYSSMANAGER: VMSIMAGES.DAT has been 


created. 


You may wish to purge this file. 
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After rebooting VAX/OpenVMS, our platform will be 
ready to use some services like XDM which makes pos- 
sible to use X11 clients remotely. 


Beyond Emulation: Interfaces TUN/TAP 

Very often, there are no available Ethernet interfaces in 
a computer, but many Unix systems allow to bypass this 
difficulty by using a virtual emulation for such devices. 
NetBSD OS will not be the exception as this emulation is 
provided by TUN/TAP modules, for TCP/IP layers 2 and 
3, respectively. In this way, TUN allows the creation of a 
virtual NIC with an Ethernet address attached to it that is 
different from the physical address of the real card. The 
steps to create such a virtual TUN-based interface are 
summarized in three steps: 


¢ Regarding TUN/TAP devices, for NetBSD the GE- 
NERIC kernel already contains the two necessary 
options: 


pseudo-device tap # virtual Ethernet 


pseudo-device tun # network 
tunneling over tty 
Alternatively, it is possible to check the feasibility of such 
network pseudo-devices by issuing the command: 
dhcppc2# ifconfig -C 
agr bridge vlan stf gif gre tun tap strip sl pppoe ppp lo 
¢ Configure a new TAP pseudo-device by means of if- 
config(1) command: 
dhcppc2# ifconfig tapO create 
dhceppc2# ifconfig tap0d 
tap0: flags=8802<BROADCAST, SIMPLEX,MULTICAST> mtu 1500 
address: £2:0b:a4:7£:08:0b 
media: Ethernet autoselect 
In this way, a new Ethernet interface appears in our 
host system. This interface is mapped as tapo, with 
tts own Ethernet address and should remain inactive 
as it will only be used for the emulated VAX/Open- 
VMS system. 


Listing 10. /nstalling DEC OS/F Motif for OpenVMS systems 


3) jeuelorclbie re 


pOperar lone (INSEAM, | SHOW 20...) liste 


LEcociies Melis 10) ice Slower Mave) = 


The following product has been selected: 


DEC VAXVMS DWMOTIF V1.2-6 Layered 


PEOCue te 
Do you want to continue? [YES] 
Conncuke: LOM eles ess cat clings. 
You will be asked to choose options, if any, for each 
selected product and for 
any products that may be installed to satisfy software 
dependency requirements. 
DEG VAXVMS DWMOLDE Vil2—-6: DECwindows Morr 
2 1936, 2000) Conpag Conpure sa eorporaeron 
Compaq Computer Corporation 
This product uses the PAK: DW-MOTIF 


Checking values of system parameters... 


OK 


DO You Wane Ene deraults for alll options? [YES] YES 


Tf a Local Language Variant is installed refer to 


the Install Guide. 


Do you want to continue? [YES] YES 


Do you want to review the options? [NO] 


The following product has been installed: 


DEC VAXVMS DWMOTIF V1.2-6 
PROCUCE 


Layered 


Finally, we get the following messages to indicate the 


installation is complete. 


DEC VAXVMS DWMOTIF V1.2-6: DECwindows Motif 


System reboot will be required following upgrade of 


language variants. 


Installation Verification Procedure can be run after 


reboot. 
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¢ Edit the file simn-vax.ini given in Listing 1, by modify- 
ing the entry associated, in such a way the chosen IP 
address for out tapo will be reflected. 
; Attach Ethernet to a network interface 


set xq mac=f£2-0b-a4-7f£-08-0b 


It is very important to take into account that you cannot 
add an IP address to this interface, as this task is man- 
aged directly by the emulated VAX/OpenVMS system 
and it is transparent to our NetBSD system which acts 
as host. 

The process covered in this section consists of creat- 
ing a bridge between our NetBSD host and the emulated 
VAX/OpenVMS platform as it is shown in Figure 7. 


Final Remarks 

For those people who think that OpenVMS is a legacy of 
our past and Is definitively dead, try to remember that the 
first version for VMS OS 1.0 was released in 1978 and 
the OpenVMS support for IA64 (Intel Itanium platforms) 
has been available from HP Compact since 2004. How- 
ever, nowadays it is impossible to purchase original VAX 
hardware. 

The solution introduced in this article admits more so- 
phisticated possibilities, it is even possible to run an em- 
ulated VAX workstation in one of the numerous BSD or 
GNU/Linux live distributions provided by a CD-ROM or 
DVD-ROM. Eventually, another interesting alternative is 
the use of QEMU to test the latter solution. 

In the nineties, Compact purchased Digital Equipment 
Corporation only to merge four years later with the giant 
Hewlett-Packard. However, and to conclude this article, 
there is no better argument that the anecdote starred by 
Dave Cutler, one of the creators of VMS and further, one 
of the engineers who led the Windows New Technology 
project, which gave rise to MS Windows NT. The acronym 


Red de Area Local (LAN) 
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Figure 7. /nterconnectivity between host (NetBSD 6.0) and emulated 
OpenVMS platforms 
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Acronyms and Abbreviations 


CICS Complex Instruction Set Computer 
DCL Digital Command Language 

DEC Digital Equipment Corporation 
DECUS Digital Equipment Corporation Users’ Society 
IA32 Intel Architecture 32-bit 

ISA Instruction Set Architecture 

NIC Network Interface Card 

RAM Random Access Memory 

VAX Virtual Address Extension 

VMS Virtual Memory System 

XDM X11 Display Manager 
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Compaq 


WNT is nothing else than the result of shifting the three 
letters of 'VMS' to the next letter in the alphabet, getting 
the result: WNT. Perhaps this step forward in letters was 
also a step backwards in technological performance. 
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Installing 


and Configuring SSL for Dovecot and Roundcube for the 


Qmail MTA 


Dovecot is an open source IMAP and POP3 email server for 
UNIX-like systems, written with security primarily in mind. 


What you will learn... 

- How to install dovecot from the FreeBSD Ports system 

- How to configure dovecot to communicate with the imaps protocol 
¢ How to install roundcube from the FreeBSD Ports system 

¢ How to configure roundcube to communicate with dovecot 


large installations. It’s fast, simple to set up, re- 
quires no special administration and it uses very 
little memory. 


B ovecot is an excellent choice for both small and 


Most Notable Dovecot Features 


¢ Dovecot is high performing and is compatible with 
vpopmail’s Maildir structure. 

¢ When authenticating via SSL you can use dovecot to 
send emails from roundcube 

¢ The dovecot service will automatically restart if it fails 
for any reason 

¢ Dovecot supports migration from Courier imap 

¢ Dovecot is configured with security in mind 


The first step is to install Dovecot from the FreeBSD 
ports system. 


# cd /usr/ports/mail/dovecot 


# make install 
When you run make install it will give you the various 


configure options available. Make sure the following op- 
tions are checked: 
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What you should know... 


How to run any qmail service with deamontools installed (or on my 
freebsdrocks.net guide) 

« Astrong understanding of qmail. 

- A solid understanding of Apache 2.2 or better with SSL (recom- 
mended) 

¢ Aninstallation of php 5.3 and configured with Apache 2.2 


¢ KQUEUE 
© SSL 
¢ VPOPMAIL 


Configuring Dovecot 
Dovecot itself is configured using the dovecot.con£ locat- 
ed at /usr/local/etc/dovecot.conf for the main configu- 
ration file. The dovecot.conf is a VERY large configuration 
file. Please verify the settings from Listing 1. 

You may leave the next line commented or not at your 
discretion: 
# Greeting message for clients. This is an optional setting. 


login greeting = Dovecot ready. 


More settings for the dovecot.conf file that will need to 
be verified. 


mail location = maildir:/usr/home/vpopmail/domains/%d/%n/ 


Maildir 


Scroll down some more until you see the following sec- 
tions and verify the settings from Listing 2. 

What we need to do after setting up the configuration 
file is to start setting up the service for dovecot as shown 
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Listing 1. Settings for the dovecot.conf file that will need to be 
verified 


# Base directory where to store runtime data. 


base dir = /var/run/dovecot/ 


# Protocols we want to be serving: imap imaps pop3 pop3s 
managesieve 

# If you only want to use dovecot-auth, you can set this 
(ey Yoel es, 


protocols = imaps 


peorocol) imap { 
#listen = *:143 
So pce = esx 7 oe (eNaenge xs. x LOn yous 


IP address) 


ssl_cert file = /var/qmail/control/servercert.pem 


ssl_key file = /var/qmail/control/servercert.pem 


Listing 2. More settings for the dovecot.conf file that will need to be 
verified 


# Valid UID range for users, defaults to 500 and above. 
This LS mMesely 

# to make sure that users can't log in as daemons or 
other system users. 

# Note that denying root logins is hardcoded to dovecot 
loubidiee yy lore, (rear 1c 

# be done even if first valid uid is set to 0. 

first valid uid = 89 

#last valid uid = 89 


# Valid GID range for users, defaults to non-root/wheel. 
Users having 

# non-valid GID as primary group ID aren't allowed to 
leg sin. Es wiser, 

# belongs to supplementary groups with non-valid GIDs, 
those groups are 

# not set. 

first_ valid gid = 89 

#last valid gid = 89 


# Authentication cache size in kilobytes. 0 means it's 
disabled. 

7 NOte ther Dsdauth, Pal and vpopmed lyrequire cache key 
GO be Seu Lor caching 

# to be used. 


aUP ecole ms iaze =F) 


# vpopmail authentication <doc/wiki/AuthDatabase. 
Witojoltie atl sie ce 

passdb vpopmail { 

#[cache key=<key>] - See cache key in PAM for 
explanation. 

fi quctwa uemplare=“remplave>| == ~¢d.expands bo Marlatt: 
quota 

jc. CUO template -qnoua rile=- backend.) 

args = 


} 


# vpopmail <doc/wiki/AuthDatabase.VPopMail.txt> 
userdb vpopmail { 


} 


# User to use for the process. This user needs access to 
only user and 

# password databases, nothing else. Only shadow and pam 
authentication 

# requires roots, so use something else if possible. 
Note that passwd 

# authentication with BSDs internally accesses shadow 
files, which also 

# requires roots. Note that this user is NOT used to 
access mails. 

# That user is specified by userdb above. 


user = vpopmail 


Listing 3. The following commands will need to be run on the 
console 


# mkdir -m 0755 /var/qmail/supervise/dovecot-ssl /var/ 
gmail/supervise/dovecot-ssl/log /var/ 
log/qmail) devecot—ssl 

# cd /var/qmail/supervise/dovecot-ssl/log 

# fetch http://www. freebsdrocks.net/files/service-any- 
Ieye abba) 

# mv service-any-log-run run 

# chmod 10755 «un 


oar Mellel 


Listing 4. The following commands will need to be run on the 
console 


# cd /var/qmail/supervise/dovecot-ssl 
# fetch http://freebsdrocks.net/files/service-dovecot-run 
# mv service-dovecot-run run 


a elomueve 0) Sis) secre 
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in Listing 3. Change the last line in the run file at the bot- 
tom to read as in following Listing 4. 

When editing the run file change the last line to the fol- 
lowing: 


multilog t n1024 s1048576 /var/log/qmail/dovecot-ssl 


There are no options to configure in this file. This will run 
using the options in the dovecot.conf file. 

This is just like starting up any other daemontools ser- 
vice — create a symlink from /service/something to the 
physical service directory, wait about ten seconds, and 
make sure it's running. 


# ln -s /var/qmail/supervise/dovecot-ssl /service/ 


After a few seconds run the code from listing 5. 

lf the dovecot/log service does not start it is more than 
likely permissions or a vpopmail UID/GID issue. Check 
the dovecot log file in /var/log/qmail/dovecot-ssl/log/ 
current for any errors. 

lf you happen to run an older version of qmail or even 
an older version of the freebsd walkthrough then the UID/ 
GIDs for vpopmail/vchkpw may not be 89:89. You may 
need to look in /etc/masterpasswd for the vpopmail UID 
and /etc/groups for the vchkpw GID. This needs to match 
the UID and GID in the dovecot configuration file located 
at /usr/local/etc/dovecot.conf. 


Installing and Configuring Roundcube 

Roundcube is a browser based imap client. The Round- 
cube webmail software is available in FreeBSD ports. If 
you want to learn more about FreeBSD packages and 
ports, please read The FreeBSD Handbook, chapter 4. 


Most Notable Roundcube Features 


¢ Address Book with autocomplete features 
¢ HTML and Richtext messages 

¢ Shared/Global IMAP Folder Management 
¢ Spell Checking 

¢ Unlimited users and messages 


The port for Roundcube webmail is available in /usr/ 
ports/mail/roundcube. To install roundcube, you will 


need to type the following: 


# cd /usr/ports/mail/roundcube 


# make install clean 


Make sure the following options are checked: 


¢ GD 

¢ PSPELL (Optional) 
¢ SSL 

¢ MYSQL 


You will also want to install the following port if they are not 
installed already. You can check the installation of each port 
by running pkg info | grep packagename. For instance if 
you wanted to find out if php5-exif is installed you would run 
pkg .afifo: | Greép phpa-exif. If it returns a result then Skip 
to the next port. If not you will need to install the port. 


# cd /usr/ports/graphics/php53-exif 


# make install clean 


By default, roundcube is installed in /usr/local/www/ 


roundcube/. 


# svstat /service/dovecot-ssl /service/dovecot-ssl/log 


/service/dovecot-ssl: up (pid 23841) 8 seconds 
/service/dovecot-ssl/log: up (pid 23843) 8 seconds 


mysql> CREATE DATABASE rQundcube; 


‘imySeile= polls 


Listing 5. The following commands will need to be run on the console 


If the first dovecot-ssl service does not start you can check the log file like so: 


# tail -£ /var/log/qmail/dovecot—ssl/current | taio4niocal 


Listing 6. These are the commands that will need to be run on the mysq/ command prompt 


mysql> GRANT select,insert,update,delete,create,drop ON r0undcube.* TO rcub3@localhost IDENTIFIED BY ‘mypass’; 
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Now, we need to map the nttp://localhost/roundcube/ to 
/usr/local/www/roundcube/. To do this you will need to open 
the apache configuration located in /usr/local/etc/apache22. 
Edit /usr/local/etc/httpd.conf then copy and paste the fol- 
lowing under the alias section in the httpd.conf file: 


Alias /roundcube "/usr/local/www/roundcube/" 
<Directory "/usr/local/www/roundcube"> 
Options Indexes FollowSymLinks 

AllowOverride All 

Order allow,deny 

Allow from all 


</Directory> 
Save the file and then restart apache: 


# /usr/local/etc/rce.d/apache22 restart 

You now need to create a database and a username/pass- 
word combination so Roundcube has access to MySQL. In 
the example below | am using the following settings: 


Database Name: rQundcube 
username for Database Access: rcub3 


Password for rcube username: mypass 


Security note 

| have provided the database, username and passwords 
above just to show you how to set this up in MySQL. | would 
highly suggest using encrypted usernames and passwords 
which should be at least 8 characters or more, and include 
lowercase and uppercase letters, numbers and punctua- 
tion. The longer and more encrypted they are, the harder 
they are for hackers to try to get into your system. 


# mysql -u root 


Type in your root password for MySQL and then hit en- 
ter at the next prompt type in Listing 6. Now, you need to 
import the database structure into your roundcube data- 
base. You can copy and paste them into phpMyAdmin or 
you can use the following command: 


# cd /usr/local/www/roundcube/SQL 
# mysql -u root -p r0undcube < mysgl.initial.sgl 


Once you've created the database, you need to run the 
following commands: 


# cd /usr/local/www/roundcube/config 


# cp db.inc.php.dist db.inc.php 
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# cp main.inc.php.dist main.inc.php 


# vi db.inc.php 


Now we will want to open db.inc.php and change the da- 
tabase setting: 


Srcmail config['db dsnw'] = 


'mysgql://rcub3:mypass@localhost/r0undcube'; 


Now, you want to edit main.inc.php file and change the 
mailhost setting with your IMAP server address. 


Srcmail config['default host'] = 'ssl://x.x.x.x'; 
(replace x.x.x.x with your IP address) 


eremail config['default port'] = 993; 


Congratulations you have installed roundcube on your 
server. You can access your roundcube webmail at http: // 
localhost/roundcube/ (You can change your localhost to 
your hostname, domain name or IP of the qmail server). 

You can now login with your username and password 
on your IMAP server. 

lf you are converting from Courier IMAP to dovecot you 
will want to run the following settings to convert the accounts 
so the migration will be seamless to your webmail clients. 


# cd /usr/local/bin 
# wget http://www.dovecot.org/tools/courier-dovecot-migrate.pl 
# chmod 0700 courier-dovecot-migrate.pl 


# cd ~vpopmail/domains 


This command will test the migrate command before you 
run it “live” 


# /usr/local/bin/courier-dovecot-migrate.pl -recursive 
This command will run the conversion live 


# /usr/local/bin/courier-dovecot-migrate.pl --recursive 


==COnvVert 


Summary 

At this point you have installed dovecot and roundcube 
and configured them to communicate via SSL and you 
should be able to login to roundcube using dovecot as 
your IMAP server. 
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Unattended Installation of Servers 


This article tries to show how to manage an important (in terms 
of size) computing park when talking about the unattended 
installation and upgrade of FreeBSD servers. 


What you will learn... 

« How to manage the version of FreeBSD running on you're machines 

¢ The provisioning or upgrading of each machine in an advantageous 
way 


you deploy fast provisioning and upgrading of serv- 

ers (without the need to go through the whole process: 
buildworld, mergemaster, etc.), having a homogeneous 
implementation of FreeBSD. For me, particularly, this has 
been extremely useful in several situations but mainly 
when | needed to perform an extremely fast upgrade and 
come back on-line in terms of minutes. 

Previous to building our unattended installation system, 
we need to check if the downloadable ISO images are up 
to being used for installing servers in an unattended way. 
I'm saying this, basically, because FreeBSD’s generated 
CDs and its content (packages, sources, doc...) are done 
per release; after that happens and until the next release 
ISO images are out, they provide you patches for your in- 
Stallation (in binary or source format) for fixing bugs, but 


| think this topic is very interesting because it will help 


What you should know... 
¢ What PXE means and how it behaves 
¢ Some advanced FreeBSD admin skills 


IMHO you can get better, faster and more customizable 
results if you proceed the way described here. 

So first of all, we're going to create our own patched 
CD images (never with unnecessary changes but yes with 
the code properly patched and bugs fixed at the time of 
iso creation) and later will build our unattended installa- 
tion server. 

This short introduction has tried to allow people who 
have started reading this article to know whether they 
are interested in this topic or not. | assume people with 
big computing parks will be interested on continuing 
this reading. 


Step 1. Building our own Release 
First of all, I’m going to clarify one aspect: the main rea- 
son because I’m going to generate a release in this ar- 


Listing 1. SVN exporting content 


cd /datamountpoint/ 


svn export svn://svn.FreeBSD.org/base/releng/9.1 src releng91 


svn export svn://svn.freebsd.org/ports/head ports releng91 


svn export svn://svn.freebsd.org/doc/release/9.1.0/ doc _releng91 
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Listing 2. Diff of changes applied in mkisoimages.sh 


diff -u mkisoimages.sh-unmodified mkisoimages.sh 

=-- mMkisoimages -sh-unmeditied 2013-01-12 20:706:42 000000000 +0100 
tte mMkisoimages. sh 2ONZ=l2—-30 10236209 000000000 +0100 

C@F=397,6 139,65 @e 

LABEL=$1; shift 

NAME=S$1; shift 


-echo “/dev/iso9660/°echo SLABEL | tr ‘[:lower:]’ ‘[:upper:]’° / cd9660 ro 0 0” > $l/etc/fstab 
tH ECho “/dev/i1so9Ge0, echo SLARBL || tr “slower: |” “leupper:|” 7 <d9ce0 ro 0 0" > Siljetc, fstab 
makefs -t cd9660 Sbootable -o rockridge -o label=SLABEL SNAME $* 

=o oly Cie, totale 

+## rm S$1/etc/fstab 


Listing 3. Diff of Makefile.sysinstall 


diff -u Makefile.sysinstall Makefile.sysinstall-modified 
=—-— Makefile -sysinstall 2012-10-24 04:20:07 000000000 +0200 
ttt Maketile. sysinstall—modined 2013-01-12 20:12:19. 000000000 +0100 
@@ -1,4 +1,4 @@ 
-# SFreeBSD$ 
+# SFreeBSD: release/Makefile.sysinstall 241979 2012-10-24 02:20:07Z2 kensmith $ 
# 
# Make release [BUILDNAME=somename] CHROOTDIR=/some/dir CVSROOT=/cvs/dir \ 
# [RELEASETAG=tag] [SVNROOT=svn://svn.freebsd.org/base] \ 
@@ -1149,21 +1149,11 €¢ 
FreeBSD Install \ 
${CD}/FreeBSD-S$ {BUILDNAME}-S${TARGET}-discl.iso LCI anes) \ 
${CD DISC1 PKGS} 
@sh S{.CURDIR}/S${TARGET}/mkisoimages.sh \ 


= PCCD PACKAGES \ 
Ss ${CD}/FreeBSD-S$ {BUILDNAME}-S {TARGET }-disc2.iso SCID DESC | \ 
- S{CD DISC2 PKGS} 

Jf detned (MAKE SDV») 
- @sh ${.CURDIR}/${TARGET}/mkisoimages.sh $S{BOOTABLE} \ 
= FreeBSD Install \ 
a ${CD}/FreeBSD-$ { BUILDNAME}-S$ {TARGET }-dvdl.iso ${CD DVD1} \ 
- ${CD_DVD1_PKGS} 
+ @echo “No DVD1 needed...” 

.endif 

-1f !defined (NODOC) 
- €@sh ${.CURDIR}/${TARGET}/mkisoimages.sh \ 
= DeSSD DecuNSmceteom 
= ${CD}/FreeBSD-S$ { BUILDNAME}-S {TARGET }-disc3.iso 91 CD DOCS } ‘ 
- ${CD DOCS PKGS} 
+ @echo “No doc iso image needed...” 

.endif 

TE edelmed|( SHEAR AME yay 2.5) 

@sh S{.CURDIR}/S{TARGET}/mkisoimages.sh ${BOOTABLE} \ 
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ticle. This is, that it’s extremely important for you to being 
able to generate you're own upgraded or customized iso 
images of the svn branch/tag you need to work with. You 
could need customizing them for using Sysinstall instead 
of BSDinstaller or just for having an updated medium for 
deploying unattended installation services like the follow- 
ing one (or for upgrading it), or just for using this ISOs with 
you're managed servers, instead of using a FreeBSD im- 
age with some bugs discovered previous to a new release 
launch (and so, the new upgraded isos are not able to be 
downloaded from ftp.freebsd.org). 

So, as | advanced before, at present, the new default 
FreeBSD installer (BSDinstaller), is undergoing an im- 
provement process and does not support performing an 
installation in a similar way to Sysinstall with install.cfg 
config file, so I'm going to generate a custom release for 
obtaining ISO images with Sysinstall for now.. 

Let’s grab an ISO image from ftp.freebsd.org for set- 
ting up our release generation machine. For example, 
fetch or wget: ftp.//ftp.freebsd.org/pub/FreeBSD/releas- 
es/ISO-IMAGES/9Y. 1/FreeBSD-9.1-RELEASE-amd64- 
disc7.iso. 

We will proceed with a normal installation, but without 
installing sources (just lib32 and ports). After having boot- 
ed our installed system, we will continue on to create our 
source directories: 


mkdir -p /usr/sre 


mkdir -p /datamountpoint/ 


Let's move into the directory in which we're going to ‘svn 
export’ the RELENG 9 1 needed data as can be seen 
in Listing 1. 

Now, we should have an up to date collection of sourc- 
es, ports and documentation, for building our release and 
ISO images. I’m assuming we're creating a release for a 
64 bit capable machine. So, for our purpose, move into 
the amd64 src directory: 


cd /datamountpoint/srce_ releng91/release/amd64 


Let’s continue by slightly modifying mkisoimages.sh as 
I'm going to describe in Listing 2. 

So now, let's move backwards one level and let's modify 
Makefile.sysinstall1 in order to end up like in Listing 3. 

SO, at this point we have the fresh code recently down- 
loaded from FreeBSD's subversion properly patched for 
generating our customized release that uses Sysinstall as 
the installer. 

Now, we should copy all the content to /usr/src. SO, we 
could do: 
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rsync -av /datamountpoint/srce releng91/ /usr/src/ 
And the following step is to buildworld in order to be able 
to generate release later. 


cd /usr/src 


make buildworld 


Now let's launch the release generation make as shown 
In Listing 4. 


NOTE 
If instead of generating the release specifying the make- 
file Makefile.sysinstall, and without having applied pre- 
vious changes, we would obtain a fresh release with the 
new installer (BSDinstaller). 

lf all went OK, We will have the ISO images can be seen 
In Listing 5. 


Step 2. Installation of the FreeBSD Unattended 
Installation Server 
Let's continue by performing a new server installation (our 
unattended installing server) with our recently created 
ISO named FreeBSD********-SNAP-amd61-disc1.iso. We 
will select a Standard installation, with a custom distribu- 
tion set (please, select Custom) which contains the follow- 
ing parts: base, kernels (all), info, lib32, man, src, ports, 
and local. Ensure you say to use cd as media (as source). 
After the installation process, let's install a dhcpd server 
which will be the ip allocator in our PXE server. We will 
use isc-dhcp41-server. For building: 


cd /usr/ports/net/isc-dhcp41-server 
(let’s unselect all options) 
make install clean 


Now, let's configure our dhcpda server by setting /usr/ 
local/etc/dhcpd.conf as in Listing 6. 

At this point, we don’t need to launch the dhcpad server. 
Now, let’s configure /etc/inetd.conf in order to enable 
tftpod. We need to make the tftp line appear like this: 


(in a single line) 
tftp dgram udp wait root /usr/libexec/tftpd tftpd -1 -s / 
datamountpoint/netboot/freebsd91 


We will use NFS as our install media (data source) 


for Sysintall on the unattended installations. So /etc/ 
exports In Our pxe server should look like this: 
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Listing 4. Making release 


cd release 


make -f£ Makefile.sysinstall release CHROOTDIR=/datamountpoint/release generation EXTSRCDIR=/datamountpoint/src releng91 
EXTPORTSDIR=/datamountpoint/ports releng91 EXTDOCDIR=/datamountpoint/doc releng91 MAKE ISOS=1 


Listing 5. Recently generated ISO images of the new release 


ls -la /datamountpoint/release generation/R/cdrom/ 


StWoaboat == 1 root wheel 67524608 Dec 30 17:47 FreeBSD-9.1-20121230-SNAP-amd64-bootonly.iso 
=(W=r==r== I nook) wheel 508561668 Dec 30 1/246 FreeBbsd-9.1-—Z0121230-SNAP-amd6é4-discl 71s0 
="w=r=="L== 1 root wheel 253 Dec 30 17:49 FreeBSD-9.1-20121230-SNAP-amd64-iso.CHECKSUM.MD5 
=(Wer==f== 1 root wheel 398 Dec 30 17349 Preebsp—9. l—2Z0121230-SNAP-amd64—1s0. CHECKSUM. SHAZS6 
i eile a aa 1 root wheel 422400000 Dec 30 17:49 FreeBSD-9.1-20121230-SNAP-amd6o4-livefs.iso 

hate gia dig. 3 root wheel SlZ Dec 30 i247 boorenly 

iw xix x 4 root wheel bl Bec) 30 yay *disel 

crwxr—xr—x 2 root wheel ol2 Dee 30 ly s47 <diseZ 

drwxr=xXr=x 2 root wheel ol2 Dee 30 17:47 docs 

drwxr-xr-x 18 root wheel 1024 Dec 30 17:47 dvdl 

drwxr-xr-x 17 root wheel ol Dec 30° Lie47) divers 


Listing 6. Configuracion of /usr/local/etc/dhcpd.conf 


allow booting; 

ell lent leverouwjens 

auiEenOrlEdud yc; 

option domain-name "freebsdpxe.sarenet.es"; 
Oil On subNnee Mask 2oon7 oon Zo om0, 
default-lease-time 600; 

max-lease-time 7200; 

ddns-update-style none; 

Ieg=-Eaciivi ves lo@adky > 

lec al —address 0 2010) iy; 

Subnet) 07.050 sie mmacie2 302 5oyZoo.0 | 
range 10.0.0. 7/0 1070.07 30; 

next-server 10.0.0.1; 

filename "boot/pxeboot"; 

option root-path "/damamountpoint/netboot/freebsd91"; 
} 


Listing 7. /etc/rc.conf. 


## fxpO is the PXE-Boot interface 

BACOMMcCyexpO=  Tneirs i AO 0a etiae Ky O57 9Oe7 oes, 

## PXE services 

GnicteGmetcoke— eas” 

clneyorcl ieee = ce  eiiewS Caco ISesSs Tulse wisiialG Cle since reels) 
Idee) eiielolke= es 

igjercloubiel Sahel oe Viciss 

MOUMUCme talolie= Gece 


his (server ;enable="vyes™ 
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/datamountpoint -alldirs,ro -network 10.0.0 -mask 255.255.255.0 


Yes, read-only... nothing should be written to our NFS ex- 
ported content. Now let's populate /datamountpoint/netboot/ 
freebsd91 with our recently generated release’s disc1: 


tar -C /datamountpoint/netboot/freebsd91 -pxvf FreeBSD- 
9.1-20121230-SNAP-amd64—-discl.iso 


We should now set the loader.conf for our unattended in- 
stallations service properly in /datamountpoint/netboot/ 
freebsd91/boot/loader.conet: 


fsroou. load="VRo" 


m 
misroot. type="mts root" 
mf 


sroot_name="/boot/mfsroot" 


fas 


vfs.root.mountfrom="ufs:/dev/md0" 


Let’s follow by decompressing what will become the mf- 
sroot of our netbooted OS and let's copy to it’s root (op- 
tionally of course) the install.cfg in order to have Sysin- 
stall perform all automated tasks that belongs to it. 


NOTE 

Install.cfg generation and syntax is beyond the scope of 
this article and will not be covered. 

cd /datamountpoint/netboot/freebsd91/boot 


Gzip —d misroot.¢z 


Now, we'll mount the memory disk in order to be able to 
copy the install.cfg to it's root : 


mkdir /onerandommountpoint 


mdconfig -a -t vnode -f 


/datamountpoint/netboot/freebsd91/boot/mfsroot -u 200 

| have used the number 200 but it’s really optional, so you 
could certainly not specify -u _——_—s and it will be attached 
to the first free kernel memory disk in numerical order. 


mount /dev/md200 /onerandommountpoint 


cp /placewherewehaveourcustominstallcfg/install.cfg / 


onerandommountpoint 
Now let's unmount the attached mfsroot. 


cd 
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umount /onerandommountpoint 


After ensuring it's properly unmounted, let's remove our 
attached kernel memory disk. 


mdaconfig -d -u 200 


We ensure it's removed, by typing the following com- 
mand and seeing no output: 


mdconfig -l 


Now finally, let's configure our pxe server's /etc/rce.conf 
to launch all services automatically as in Listing 7. 

Now important, without doing this the tftp server won't 
be able to serve pxeboot under 


/datamountpoint/netboot/freebsd91/boot/ 
and the nfsd would run into troubles too: 


/datamountpoint/netboot/freebsd91/boot/: 
chmod -R 755 /datamountpoint/netboot/freebsd91 


Conclusion 
That's all :). Now, to install or upgrade a new server, you 
can connect one PXE capable server's Ethernet port with 
a crossover cable to our recently built PXE server (to it’s 
PXE interface) in order to boot from net and load a Free- 
BSD installation. | should say too, | just have used this 
system for upgrading or installing one server ata time, but 
should work properly too if you want to do this task with 
some more. 

As this is my first article in BSD Magazine many thanks 
to all for reading it! 


EGOITZ AURREKOETXEA AURRE 

I’m a sysadmin and system’s programmer at Sarenet (www. 
sarenet.es) and am very proud to be able to contribute with this 
article, because the Open Source community, documentation 
and software are basically the most powerful strength in the 
computing world. | wanted to dedicate this work to all my family, 
but specially to my grandmother who has very recently leave us. 
! wanted to give too special thanks to all Sarenet’s people, be- 
cause working with them, is a really nice experience. You could 
send me you’re questions or comments to egoitz@sarenet.es and 
I'll be very happy and proud of answering or clarifying whatev- 
er is needed. 
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For 12 years, your donations have helped make 

FreeBSD the best OS available! By investing in the 

services provided by The FreeBSD Foundation you 

have helped us fund projects to keep FreeBSD a high- 

performance, secure, and stable operating system. 

Your donations helped FreeBSD in 2012 by: 

e Funding development projects to improve FreeBSD 

including: Capsicum Improvements, Growing 
Filesystems Online, NAND Flash support, IPv6 


Performance Analysis, auditdist, and porting Efika. 


e Educating the public and promoting FreeBSD. ° 
We produced a high-quality FreeBSD 9 brochure and we @ | | d ] 
visited companies to help facilitate collaboration efforts 


with the Project. 
er POns ous ESD eon creee seu sumuuls aun Thanks to people like you, The FreeBSD Foundation 
the globe, including Europe, Japan, 
Canada, and US. has been proudly supporting the FreeBSD Project and 
* Protecting FreeBSD IP and providing legal support to community for 12 years now. We are incredibly grateful 
the Project. 
e Purchasing hardware to build and improve FreeBSD lor all the ay ort we mae irom ee and so aeeata| 
infrastructure individuals and organizations who value FreeBSD. 
In 2013, we plan on increasing this support. We are also In 2012 our goal is to raise $500,000. We hope you will 
hiring two full-time technical staff members to work on 
development projects. consider making a gift to support our work in 2013. 


Stay tuned as we start our Faces of FreeBSD Campaign. We'll be 
spotlighting different people on our website and Facebook page who 
have received funding to work on development projects, run conferences, 
travel to conferences, and advocate for FreeBSD starting this month. The 
numbers are growing thanks to your support! 


Making a donation is quick and easy. to get started, just go to: 
http://www.freebsdfoundation.org/donate/ 


Find out more, visit: 


aMaAfreebsdfoundation.org 
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Programming Primer (Part 2) 


In the second part of our series on programming, we will look at 
configuring our development server, write our first lines of code 
and commit the changes to a version control system. 


What you will learn... 


¢ How to to configure a development environment and write HTML, 


CSS, PHP and SQL code 


BSD test server available with the AMP (Apache 
/ MySQL/ PHP ) installed. We will also use a ver- 
sion control system (VCS) and a CLI based text editor. | 
am using FreeBSD 9.0 with VI, MC (for file management) 
and GIT running under Virtualbox. 
Start by installing FreeBSD from DVD and con- 
figure networking, user and root accounts, etc. as 
normal. 


B efore we get started, you need to have a Free- 


Key 

¢ Command line instructions 

¢ Alterations to configuration files 
¢ MySQL prompt / SQL 

¢ HTML/ XHTML / PHP code 
Part 1. Installing the Software 


Step 1 
As root, Install mc and git from packages: 


dev# pkg add -r mc git 
Step 2. Upgrade the Ports Tree 


dev# portsnap fetch && portsnap extract 
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What you should know... 


¢ BSD and general PC administration skills 


Step 3. Install Apache 


dev# cd /usr/ports/www/apache22 


dev# make install clean 
Configure rc.conf to start Apache on reboot: 
dev# echo 'apache22 enable="YES"' >> /etc/rc.conf 


Ensure hosts has your machine name set in /etc/hosts 
otherwise Apache will not start. 


eee localhost dev 
ee eile OG ck 


localhost dev 
Start Apache: 
dev# /usr/local/etc/re.d/apache22 start 


Step 4. Install MySQL 


dev# cd /usr/ports/databases/mysgl55-server 


dev# make install clean 
Start MySQL: 


dev# echo 'mysql enable="YES"' >> /etc/rc.conf 
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dev# /usr/local/etc/rc.d/mysgl-server start 
Set the MySQL root password and check MySQL works: 


dev# /usr/local/bin/mysqladmin -u root password 'cms- 
password' 
dev# rehash 


dev# mysql -uroot -pcms-password 
mysql>\q 


Step 5. Install PHP5 and Language Extensions 
Enable and build apache module. See Figure 1. 


dev# cd /usr/ports/lang/php5 


dev# make config 
Install PHP5 and the extensions: 
dev# make install clean 
Enable mysql and mysqli support. See Figure 2. 
dev# cd /usr/ports/lang/php5-extensions/ 
dev# make config 


dev# make install clean 


Edit /usr/local/etc/apache22/httpd.conf to reflect the 
following: 


DirectoryIndex index.html index.xhtml index.php 
And add the following at the end for PHP support: 


AddType application/x-httpd-php .php 
AddType application/x-httpd-php-source .phps 


Copy the php.ini file across: 


Options for php5S 5.4.11 


CLI Build CLI version 
Build CGI version 


| ] FPM Build FPM version 
APZFILTER Use Apache 2.x filter interface (experimental) 
{ ] EMBED Build embedded library 
{ ] DEBUG Enable debug 
{ ] DTRACE Enable DTrace support 
[*] IPv6 Enable ipvGé support 
[ ] MATLHEAD Enable mail header patch 
[ ] LINKTHR Link thread lib (for threaded extensions) 


<Cancel> 


< x > 


Figure 1. Enabling the Apache module 
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dev# cp /usr/local/etc/php.ini-development 


/usr/local/etc/php.ini 
Restart apache to pick up the new PHP extensions: 
dev# /usr/local/etc/rc.d/apache22 restart 


Now we need to setup a development area in our home 

directory. We will create an account with username dev: 
dev# adduser 

Follow the prompts (the defaults are fine), and give the 
new user a password. We want to edit / develop as dev, 
so move the apache data directory across to /home/deVv 
and symlink back. That way, Apache can serve the files 


we create as a non-root user as we can run GIT as a 
normal user: 


dev# mv /usr/local/www/apache22/data/ /home/dev/ 

dev# chown dev:dev datapwd 

dev# In -s /home/dev/data/ /usr/local/www/apache22/data 
dev# cd /home/dev/data 

dev# chown dev:dev index.html 


dev# /usr/local/etc/rc.d/apache22 restart 


If you visit your dev box with a browser (http://vyouripa- 
dress) you should see the standard Apache “It works!” 
welcome page. 


Part 2. GIT Revision Control and our Test Pages 
As a developer, a version control system is an important 
tool not only to track code changes, but to allow quick re- 
covery from mistakes. Once a file is added and committed 
to the repository, any errors can be quickly rectified by roll- 
ing back to a previous version. 

Login with (or su to) the new DEV user account, change 
to the data directory, and create a new repository then 


Options for phpS-extensions 1.7 


HASH Message Digest Framework 
iconv support 
IMAP support 
Interbase 6 database support (Firebird) 
JavaScript Object Serialization support 
OpenLDAP support 
multibyte string support 
Encryption support 
MS-SQL database support 

SQL database support 
MySQLi database support 
ODEC support 
Openssl support 
pentl support (CLI only) 


<Cancel> 


< > 


Figure 2. Enabling MySQL support 
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commit index.html to it after setting your details. When 
prompted in the editor, the commit message should be 
“Initial Load”. 


dev# su dev 


dev# cd /home/dev/data/ 


dev# git config --global user.name "dev" 
dev# git config --global user.email dev@dev 
dev# git init 

dev# git add * 

dev# git commit 


PHP Version 5.4.11 


| FreeBSD dev 9.0-RELEASE FreeBSD 9,0-RELEASE #0: Tue Jan 3 07:15:25 UTC | 
pee IE 1? root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 


Build Date — | Date Feb 2 2013 00:08:03 
Sulla Date _ ‘Jconfigure’ '--with-layout=GNLI ‘=. 
Command dir=/usr/localfetc/php' ‘--9isable-all’ '--enable-libxml’ '--enable-mysqlnd' 
-Wwith-libxml-dir=/usr/local’ '--with-pcre-regex=/usr/local’ '"~with- 
cea artenh ‘_.program-prefix= '--with-apxs2=/usr/local/sbinjapxs" ‘--with- 
egex=php* *--with-zend-vm=CALL' '--prefix=/usrlocal’ ‘~mandir=a/usr 
Reealiian’ ‘-(nfodir=/usr/local/info" '"-build=(386-portbld-freebsd$.0° 


Apache 2.0 Handler 


el 


localstatedir=/var' *--with-config-file-scan- 


Server API 


Virtual 
Directory 
sade 


Configuration 


fusr/local/ete/php.ini 

= this dir for |/usr/local/ete/php 

additional .ini 

files 

Additional .ini = | fusr/local/etc/php/extensions.ini 
files parsed 


Pup apt |201008i7 } 
Pur extension [po10szs 


Figure 3. PHP enabled 


Listing 1. The modified Apache index.xhtml 
<html><body><h1>Hello World!</h1></body></htm1> 


Listing 2. index.xhtml 


<?xml version="1.0" encoding="UTF-8"?> 


<head- 
<title>My first XHTML page</title> 
</head> 
<body> 
<p>Hello world</p> 
—/ body 
=¢ interme 


Listing 3. phpinfo.php 
<7php Phpinice () > 


J DOC VEE MienilehUPEMe sey Wee) Dl De thine Os otighet, / EN. 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> 


This will commit the original index.html to the new GIT 
repository. Edit index.html to reflect Code Listing 1 — 
“Hello World” is always the first statement written in ex- 
perimental code. Check with your browser that the page 
has changed (you may need to press Shift F5 to refresh 
the cache). Now commit it to the repository: 


dev# git commit -am "First line of HTML" 
To view the change log: 

dev# git log 

Now delete index.html. To recover: 


dev# git checkout index.html 


$ git log 
commit 30e3/7cee547 ‘Sde eae M4c6Sb3bp941 
Author: dev <dev@ pete 
Date: Sat Feb 2 


afOcc 
13 +0000 
~XHTML and PHP 


commit 5 97787d4c4abdi1614d46e 


Author: V> 
12:08:48 2013 +0000 


o 2019 


1 load 


Figure 4. Git log 
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Further reading 

¢« GIT VCS - http:/githowto.com 
PHP — http:/php.net 
W3 Schools — http:/www.w3schools.com 
W3C - http://www.w3.org 


To go back to the original Apache file (Where 0007073d 
is the first 8 digits of the file checksum) and overwrite 
your changes permanently: 


dev# git checkout 0007073d 


Now the log will only show the original file. Create two 
files index.xhtml and phpinfo.php with the code from 
code Listing 2 and 3 respectively and add and commit to 
the repository: 


dev# git add * 
dev# git commit -am "XHTML and PHP test page " 


dev# git log 


You should see a log file similar to Figure 4. 

Listing 1 is a standard XHTML page, with the XML and 
document type defined. In the next article, we will look at 
adding CSS and Javascript to this skeleton, but the impor- 
tant point to note here is that all the tags are “balanced” — 
every opening tag (e.g. <p>) has to have a matching clos- 
ing tag. To view this page, visit http://vouripaddress/index. 
xhtml in your browser. 

Listing 2 is a very simple PHP command — phpinfo (); 
displays all the configuration values, modules loaded 
etc. available to the PHP interpreter. You should see a 
page similar to Figure 3 if you visit http://vouripaddress/ 
phpinfo.php. 


In the Next Article 

We will look at code structure, program flow and how to 
embed CSS and Javascript in out pages. We will also 
start using SQL to dynamically generate pages. 


ROB SOMERVILLE 

Rob Somerville has been passionate about technology since his 
early teens. A keen advocate of open systems since the mid eight- 
ies, he has worked in many corporate sectors including finance, 
automotive, airlines, government and media in a variety of roles 
from technical support, system administrator, developer, systems 
integrator and IT manager. He has moved on from CP/M and nixie 
tubes but keeps a soldering iron handy just in case. 
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Organizational Structure 


and Culture at FreeBSD 


Nothing to Learn from Business Schools ;) 

Business Schools teach you during expensive MBA studies how 
managers should shape the structure and influence the culture of 
organizations so that they become more innovative. 


What you will learn... 

« What the organizational environment is like when you work for the 
FreeBSD project 

« What kind of organizational structure and culture is best suited to 
sustain innovation 


C oncepts such as natural systems, self-organiza- 
tion, creative swiping, boundary spanning, em- 
powerment... are known to be helpful in making 
employees more creative. To save you the trouble of pay- 
ing for costly business courses and based on my view as 
a committer, this article addresses the question to know 
whether or not FreeBSD is the right place to develop in- 
novative ideas. 

This article will start by briefly describing what the Free- 
BSD organization looks like using theoretical work from 
business academics. This in order to give an overview of 
how the project is organized for those who do not own a 
@FreeBSD.org address. Then the question of innovation 
sustainability will be approached and the most adequate 
organizational structures and cultures to support creativity 
will be presented. 

As a bonus and to keep the readers who are not in- 
terested in business concepts entertained, some ex- 
tracts from online conversations between FreeBSD de- 
velopers were included (nicknames were obfuscated 
and do not correspond to real FreeBSD developers' 
login). That way it is still possible to get an insight in- 
to FreeBSD's culture without bothering about the gory 
details. 


Bis ie mp hs meepa ian ee l male aan Heenan GAS AS tho Smo 
<tacoz> icanhasarm: sorry | only pay attention half of the time 


stapes bat basa an taliban dle tAtaescHar 
<tacoz> but keep on talking, it's interesting :) 
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What you should know... 


« No prerequisites required 


FreeBSD's from an Academic Perspective 

Let's imagine you as a freshly minted Business School 
graduate, in suit and tie (I know... but let's give it a try) 
and your boss is asking for a report on the Open Source 
movement and more specifically the FreeBSD organi- 
zation. Let's start by describing how the organization is 
structured. 


A Post-industrial Organization 

First we can say that FreeBSD presents many character- 
istics of a post-industrial organization (such as described 
by Bell in 1974 and Huber in 1984), that is a flexible struc- 
ture, a flattening in hierarchy, a blurring of boundaries be- 
tween insiders and outsiders and the use of advanced 
communication and computing technologies. 

Evolving in a flexible structure means that work units can 
be created or removed easily and organizational mem- 
bers are able to join several of them at the same time. 
At FreeBSD there exist many work units such as those 
dedicated to the ports collection, to file systems, network- 
ing, etc., most of them being listed on the wiki home page 
(httos:/wiki.FreeBSD.org). Developers are free to create 
new units or participate in any of those, depending only on 
their own motivation, technical skills and availability. 

Regarding the flattening in hierarchy, all FreeBSD com- 
mitters are at the same hierarchical level except for some 
people who are given the responsibility to ensure that a 
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certain portion of the system works as expected. This re- 
sults in the presence of small teams such as the Release 
Engineering Team which is responsible among other things 
for setting official FreeBSD release schedules, or the Port 
Management Team which ensures that the ports collection 
is functional, stable and up-to-date. The complete list of 
project teams with their areas of responsibilities is available 
at: htto://www.freebsd.org/administration.html. 

Furthermore, a handful of members are elected to be 
part of a core team. However this core team is not like a 
board of despotic directors but mainly has administrative 
responsibilities such as granting access to new develop- 
ers. Core also intervenes when there are strong disagree- 
ments between developers which is very rare from what | 
have experienced since | joined the project in 2010. 

As for the blurring of boundaries between insiders and 
outsiders this concept will be described in details later on 
when considering the boundary spanning concept. And fi- 
nally, the use of advanced communication and computing 
technologies is not surprising as it is part of FreeBSD's 
core business and developers rely on several communi- 
cation channels (emails, irc, wiki, etc.) to stay connected. 


<canadabald> there is something wrong in the universe 
<canadabald> no email in my inbox since midnight 
<icanhasarm> well, your mail server is probably dead 
<canadabald> checks 

<canadabald> mail server is fine 

<canadabald> maybe i can just take the day off 

<icanhasarm> maybe you already did 

<canadabald> i am not in my underwear watching sci-fi, so i 
don't think i took the day off 


A Natural System 

Then FreeBSD could also be considered as a natural sys- 
tem as defined by Scott (1981): a collectivity 'whose par- 
ticipants share a common interest in the survival of the 
system and who engage in collective activities, informally 
structured, to secure this end’. Such a natural system is 
characterized by its informal structure and a variety of in- 
terests which leads to a plurality of goals within the or- 
ganization. Indeed, some developers at FreeBSD prefer 
maintaining the ports tree, others writing documentation 
or hacking on the base system itself. 


<canadabald> icanhasarm: you want pictures of me, in my un- 
derwear, hacking freebsd while watching sci-fi? 

<icanhasarm> do you happen to hack freebsd ? 

<canadabald> icanhasarm: you know i don't really, i just hack 
Makefiles for ports 

<icanhasarm> oh of course, that 
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The BSD Certification Group Inc. 
(BSDCG) is a non-profit organization 
committed to creating and 
maintaining a global certification 
standard for system administration 
on BSD based operating systems. 


@ WHAT CERTIFICATIONS ARE AVAILABLE? 


BSDA: Entry-level certification suited for candidates 
with a general Unix background and at least six months of 
experience with BSD systems. 


BSDP: Advanced certification for senior system administrators 
with at least three years of experience on BSD systems. 
Successful BSDP candidates are able to demonstrate 

strong to expert skills in BSD Unix system administration. 


@ WHERE CANIGET CERTIFIED? 


We're pleased to announce that after 7 months of 
negotiations and the work required to make the exam 
available in a computer based format, that the BSDA 
exam is now available at several hundred testing centers 
around the world. Paper based BSDA exams cost $75 USD. 
Computer based BSDA exams cost $150 USD. The price of 
the BSDP exams are yet to be determined. 


Payments are made through our registration website: 
https://register.bsdcertification.org//register/payment 


@ WHERE CAN I GET MORE INFORMATION? 


More information and links to our mailing lists, LinkedIn 
groups, and Facebook group are available at our website: 
http://www.bsdcertification.org 


Registration for upcoming exam events is available at our 
registration website: 
https://register.bsdcertification.org//register/get-a-bsdcg-id 
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This led to the division into three different kinds of 'com- 
mit bits' (ports, doc, src), depending on the area of Free- 
BSD you are given the rights to apply some changes 
to. However there is no strict rule here and you could 
also commit in the ports tree even if you are a docu- 
mentation committer, as long as your patch was re- 
viewed by developers in the area for which you miss the 
commit bit. 

It is also interesting to note that from a strategic 
standpoint, natural systems tend to evolve and adapt 
depending on changes in both the internal and exter- 
nal environment rather than build upon strict plans and 
strategies. 


A Missionary Structure 

And last, Mintzberg would define FreeBSD as a mission- 
ary organization (Mintzberg, 1979) that is having /ittle 
planning and control, being fully decentralized, and using 
the standardization of norms as the coordinating mecha- 
nism. At FreeBSD those norms come either from clearly 
written rules such as style(9) manpage that explains how 
to format code, or from long lived traditions such as how 
to format ports commit messages. Such norms allow to 
constrain developers' behavior within certain pre-defined 
limits which is a way to control without the need for any hi- 
erarchy. The decentralization is also an aspect of FreeB- 
SD's structure with about 400 developers (list available at 
http://www.freebsd.org/doc/en/articles/contributors/staff- 
committers.html) spread around the world. 


Summary: FreeBSD traits 

From an academic standpoint we have seen that Free- 
BSD exhibited the characteristics of a post-industrial and 
a missionary organization as well as a natural system, 
that is: 


¢ flexible and informal structure 

e little planning and control, no strict strategy, but focus 
on adaptation instead 

¢ flat hierarchy 

¢ full decentralization 

¢ norms as a mean of coordination and control 

¢ permeable boundaries between insiders and outsiders 

¢ variety of interests and plurality of pursued goals 

¢ use of advanced communication and computing tech- 
nologies 


Now that FreeBSD's characteristics were highlighted, 
let's compare them with the best practices recommend- 
ed by Business Schools to bring creativity and sustain 
innovation in organizations. 
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Sustaining Innovation: Which Organizational 
Structure to set up? 
A self-organization 
In an attempt to become more responsive and creative, or- 
ganizations often invest in improvement and incremental 
change programs which usually have exotic names such 
as kaizen, six-sigma, etc. But more radical approaches 
exist and the one of interest here is the sel/f-organization 
which, unlike the above-mentioned strategies which focus 
on procedures and processes, focuses on people as the 
source for sustainable organizational innovation. 
Self-organization is a form of organization within which 
staff are empowered with absolute trust to organize their 
day-to-day work in a professional manner. Such a struc- 
ture advocates creativity through participative self-organi- 
zation. You believe it does not exist in real life? Well Sem- 
ler (1994) did it in his Brazilian company 'Semco' where 
he abolished most rules, norms and procedures. Financial 
information is available to all, employees are able to ap- 
point and appraise their managers, to set their own work- 
ing hours, titles, salaries, expenses and (within limits) 
share of the profits! 


“Semco’s standard policy is no policy. Many companies 
have entire departments that generate mountains of pa- 
perwork trying to contro! their employees. Take travel. 
At Semco, we want our people to spend whatever they 
think they should, as if they were taking a trip on their 
own, with their own money. If we’re afraid to let people 
decide in which section of the plane to sit or how ma- 
ny stars their hotel should have, we shouldn't be sending 
them abroad to do business in our name, should we?” 

— Semler, 1993 


Semler’s philosophy is to maximize worker participa- 
tion, decision making and public information, and to min- 
imize management control procedures that can inhibit 
creativity. And at a time when companies try to instill a 
few values to be respected by all its employees, Semco's 
success (and we saw the same applies to FreeBSD) is 
based on the promotion of autonomy and diversity. 


Boundary Spanning 
Boundary spanning (Aldrich and Herker, 1977) takes 
place when an employee brings information to the orga- 
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nization from the outside, by networking across traditional 
organizational borders. It was demonstrated that statisti- 
cally, the more boundary spanners an organization has 
the higher its degree of innovativeness (Newell and Clark, 
1990). This result would imply that innovation requires an 
ability to identify and adopt the most efficient technolo- 
gies and know-how from sources outside the organiza- 
tion. This is an ability owned by boundary spanners who 
are active in various networks and are able to keep pace 
with the latest developments in different areas. 

At FreeBSD we could say that almost all developers are 
boundary spanners as most of them work in other con- 
texts as part of their official job. This gives the opportunity 
to discuss and exchange ideas with other passionate en- 
gineers and facilitate inward flows of valuable information. 


<icanhasarm> | have a trick, | have a windows desktop 
<icanhasarm> it's so cool because you can use communicator 
<icanhasarm> and do you know what communicator have? 
ANIMATED SMILEYS 

<bsdng> wow like caramail chat ! 

<icanhasarm> a bit, except they are professionnal smileys 
<icanhasarm> because communicator is a serious tool 
<icanhasarm> look how professionnal it looks 


Virtual Teams 

Virtual teams are composed of members based at differ- 
ent locations and connected electronically to each other. 
Young (1998) states that such teams are a powerful way 
of working and the new production unit of knowledge and 
innovation. In theory it allows organizations to work con- 
tinuously on projects over 24 hours thanks to the span of 
members over multiple time zones. 


passive behavior 
dependence 

few ways of behaving 
erratic and shallow interests 
short-time perspectives 


subordinate position 
lack of self-awareness 


Figure 1. Organizational maturity continuum 
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<icanhasarm> | wrote almost 50 LoC today, that's certainly 
enough 
<tacoz> |! wish | had that much productivity 


But the reality seems a bit less glamour and Storey and 
Salaman (2005) found few actual examples of success- 
ful implementation of such teams. However, FreeBSD is 
a living proof that virtual teams can bring great success 
to an organization. With developers spread all around 
the world the project never stops and communications 
are ongoing 24/7 on irc channels. 

Maybe the biggest constraint for commercial organiza- 
tion when they try to set up virtual teams is that, as noticed 
by Young (1998): 'the notion of control goes out of the win- 
dow, along with management in its strict sense’. And con- 
trol is not something managers are willing to abandon, un- 
like within the FreeBSD project where the hierarchy is flat. 


Summary: Organizational Maturity 

As for people, it seems that organizations exhibit different 
levels of maturity. Argyris (1957) argued that traditional orga- 
nizations (having hierarchical layers with chain of commands 
and lack of delegated authority, task specification, etc) keep 
people immature. On the contrary, more radical self-organiz- 
ing forms of collectivities such as FreeBSD are expected to 
provide more lively, and creative places to work. 


<icanhasarm> moin tacoz 
<tacoz> hey icanhasarm, wanna help me procrastinate? 
<icanhasarm> | don't know I'm kinda tired 


Based on Argyris' cretiera we could assert that FreeB- 
SD is a very mature organization as depicted in Figure 1. 


active behavior 
independence 

diverse behaviours 

deep and strong interests 
long-time perspectives 
equal position 
self-awareness 
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As an exercise left for the reader it would be interesting 
to evaluate where they believe their own organization 
lies within this maturity continuum. 


Sustaining Innovation: is Organizational 
Culture Involved? 
Empowerment 
The principal aim of empowerment is to increase the or- 
ganization's flexibility and speed of response, but it could 
also lead to a more cooperative, committed and proactive 
workforce which helps in sustaining innovation. There ex- 
ists an empowerment continuum ranging from very limit- 
ed autonomy, such as at McDonald where employees are 
only free to use non-standard greetings to welcome cus- 
tomers, to extensive empowerment such as Semco where 
we have seen that employees could set their own wages 
and travel budgets! 

Marchington et al. (1992) represent this empowerment 
continuum using a stairway as shown in Figure 2. 

Clearly, developers at FreeBSD are at the same em- 
powerment level as Semco: they have a Say in all deci- 
sions and they control when, on what and with whom they 
want to work. In other words we find truly self-managing 
work teams at FreeBSD with almost no limits to their au- 
tonomy, which is very rare in practice. Bowen et al. (1992) 
refer to this as high-involvement work systems and sug- 
gest that those can be very effective. 


Control 
Codetermination 


Consultation 


Communication 


Figure 2. Stairway to empowerment 
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| experienced in some of my previous companies forms 
of "confined" empowerment with the creation of small 
and dedicated R&D teams which were given more con- 
trol upon their work organization (freedom to choose ei- 
ther the research subject or define the planning and set 
deadlines). This often led to a rise in motivation and cre- 
ativity amongst team members, but it was nothing com- 
pared to what | live within FreeBSD which pushes this 
concept of empowerment much further. 


Motivation and hierarchy of needs 
The motivation of creative workers relies on a few ingredi- 
ents listed by Amabile (1998): 


¢ challenge 

¢ freedom 

¢ resources (time and money) 
¢ work-group features 

* supervisory encouragement 
¢ organizational support 


Those of you who are able to say they find all this at their 
work place, lucky you! But | seriously doubt it. At Free- 
BSD we have almost all of those ingredients: challeng- 
ing tasks and total freedom (the sky is the limit, you can 
choose whatever subject to work on), work-group fea- 
tures (again, you can choose whichever team you want 
to join or create your own work group). Regarding super- 
visory encouragement you always get a warm welcome 
from your mentors when you join the project, but after 
your mentoring period it's up to you to gather momentum 
on the subject you are working on. For the organization- 
al support you have access to the project's infrastructure 
and regarding financial resources the FreeBSD Founda- 
tion could provide you with grants to attend conferenc- 
es or to sponsor your work. However, budgets are quite 
limited compared to commercial organizations similar in 
size as it relies on public donations (go visit http://www. 
freebsdfoundation.org/ to support the project!). 

Also useful in our context is Maslow's framework related 
to motivation, famously known as the pyramid of needs 
(Maslow, 1954) and displayed in Figure 3. It would make 
sense to say that innovation is brought by knowledge 
workers who are looking for motivation from the highest 
levels of the pyramid, that is self-actualization. And Free- 
BSD is a good place to find self-actualization under the 
form of challenging projects within which it is natural to 
learn at a high level from other experienced engineers. 
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Note that lower needs could also be fulfilled at FreeB- 
SD especially social needs with the ability to participate 
in team work and exchange ideas during meetings and 
conferences. 


Creative swiping and the NIH syndrom 

Tom Peters invented the term ‘creative swiping’ to de- 
scribe the practice of borrowing good ideas from other 
companies (Peters, 1987). He said: “Put NIH (Not Invent- 
ed Here) behind you — and learn to copy (with unique ad- 
aptation/enhancement) from the best!”. 


Such creative swiping greatly improves an organization's 
rate of innovation as advocated by Procter & Gamble's 
Huston and Sakkab (2006): 'We needed to move the 


company’s attitude from resistance to innovations “not 
invented here” to enthusiasm for those “proudly found 
elsewhere.” And we needed to change how we defined, 
and perceived, our R&D organization—from 7,500 people 
inside to 7,500 plus 1.5 million outside, with a permeable 
boundary between them’. 

| can think of several examples of creative swiping at 
FreeBSD: pf (taken from OpenBSD), BSM Audit, MAC, 
DTrace, zfs (adapted from Sun/OpenSolaris/IIlumos). 
ZFS for instance was imported from the OpenSolaris proj- 
ect and improvements were made to it such as the TRIM 
support implementation by pjd@. 


Playfulness 

Innovation guru Michael Schrage states that 'innovation is 
less the product of how innovators think than a by-product 
of how they behave' (Schrage, 2000). He believes ‘seri- 
ous play' is not an oxymoron and assures that 'you can't 
be a serious innovator unless you are willing and able to 
play'. What there is to understand here is that the playful- 
ness behavior exhibited by creative people refers to an 
ability to be mentally flexible. While people with a rigid 
view of the world might feel uncomfortable approaching 
ambiguous problems, playful minds more easily accept 
ambiguity and are able to stand outside the mainstream 
of thoughts, leading to creative thinking. Indeed, mental 


Need for self-actualization (challenging 
projects, opportunities for innovation and 
creativity, learning at a high level...) 


Need for self-esteem (recognition of strength - 
intelligence, prestige and status...) 


Social needs - belonging (acceptance, group 
membership, love and affection...) 


Need for safety and security (physical safety, 
economic security, comfort, peace...) 


Physical survival needs (water, food, sleep, 
health, sex...) 


Figure 3. Pyramid of needs 
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flexibility implies a mind which is able to tolerate ambiguity 
and switch perspectives, and helps creative people mak- 
ing sense of conflicting viewpoints. 

Coming back to FreeBSD, the irc extracts reproduced 
in this article reflect the fact that playfulness is part of 
FreeBSD's culture. This contributes to make developers 
comfortable and willing to take risks, pushing their ideas 
without fearing to get systematically blamed by a cohort 
of hostile colleagues. It also make people want to spend 
more time within this playful environment some develop- 
ers Call the Zoo :) 
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Conclusion 

We have seen the ingredients necessary to sustain inno- 
vation in an organizational context. | tried to show using 
a few theoretical models that FreeBSD is a great place to 
work and to nurture innovative ideas. Do you recognize 
some of those ingredients in your own company? If not, 
why not getting inspired by what is done at FreeBSD and 
make some propositions to your managers? And if you 
are still an outsider, why not trying to cross our perme- 
able boundaries and become part of the FreeBSD proj- 
ect? This way you could experience a work environment 
you could hardly find anywhere else. So, see you soon at 
the zoo! 
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